CWE-295 · Improper Certificate Validation
1423 CVEs classified under CWE-295 (Improper Certificate Validation). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-4370 | Critical | 10.0 | 2026-04-01 | A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to pe… |
| CVE-2026-30836 | Critical | 10.0 | 2026-03-19 | Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unau… |
| CVE-2025-68121 | Critical | 10.0 | 2026-02-05 | During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed han… |
| CVE-2022-20703 | Critical | 10.0 | 2022-02-10 | Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbi… |
| CVE-2021-1471 | Critical | 9.9 | 2021-03-24 | Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrar… |
| CVE-2026-32253 | Critical | 9.8 | 2026-05-22 | Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because o… |
| CVE-2026-20184 | Critical | 9.8 | 2026-04-15 | A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to i… |
| CVE-2026-2590 | Critical | 9.8 | 2026-03-03 | Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and e… |
| CVE-2025-67229 | Critical | 9.8 | 2026-01-23 | An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This vulnerability allows an unauthenticated, on-path attacker to spoof ba… |
| CVE-2025-46070 | Critical | 9.8 | 2026-01-12 | An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component |
| CVE-2025-29331 | Critical | 9.8 | 2025-06-26 | An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no check cert… |
| CVE-2025-6433 | Critical | 9.8 | 2025-06-24 | If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would… |
| CVE-2025-32878 | Critical | 9.8 | 2025-06-20 | An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for download… |
| CVE-2024-56521 | Critical | 9.8 | 2024-12-27 | An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. |
| CVE-2024-49369 | Critical | 9.8 | 2024-11-12 | Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The… |
| CVE-2019-20461 | Critical | 9.8 | 2024-11-07 | An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device uses a custom UDP protocol to start and control video and audio services. The protocol… |
| CVE-2024-45159 | Critical | 9.8 | 2024-09-05 | An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certifi… |
| CVE-2024-42395 | Critical | 9.8 | 2024-08-06 | There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploit… |
| CVE-2024-20080 | Critical | 9.8 | 2024-07-01 | In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no… |
| CVE-2024-5261 | Critical | 9.8 | 2024-06-25 | Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for acce… |