CWE-295: Improper Certificate Validation — known CVE vulnerabilities
CVEs classified under CWE-295 (Improper Certificate Validation), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-4370 — CVSS 10.0 (critical): A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database…
CVE-2026-30836 — CVSS 10.0 (critical): Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not…
CVE-2025-68121 — CVSS 10.0 (critical): During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake…
CVE-2021-1471 — CVSS 9.9 (critical): Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker…
CVE-2026-20184 — CVSS 9.8 (critical): A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated…
CVE-2025-67229 — CVSS 9.8 (critical): An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This vulnerability allows an unauthenticated, on-path…
CVE-2025-46070 — CVSS 9.8 (critical): An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component
CVE-2025-29331 — CVSS 9.8 (critical): An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui…
CVE-2025-6433 — CVSS 9.8 (critical): If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge…
CVE-2025-32878 — CVSS 9.8 (critical): An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is…
CVE-2024-56521 — CVSS 9.8 (critical): An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.
CVE-2024-49369 — CVSS 9.8 (critical): Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data…
CVE-2019-20461 — CVSS 9.8 (critical): An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device uses a custom UDP protocol to start and control video and audio…
CVE-2024-45159 — CVSS 9.8 (critical): An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the…
CVE-2024-20080 — CVSS 9.8 (critical): In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation…
CVE-2024-25140 — CVSS 9.8 (critical): A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with…
CVE-2023-42425 — CVSS 9.8 (critical): An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via…
CVE-2023-40256 — CVSS 9.8 (critical): A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the…
CVE-2022-47758 — CVSS 9.8 (critical): Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack.
CVE-2023-26463 — CVSS 9.8 (critical): strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes…
CVE-2021-46880 — CVSS 9.8 (critical): x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an…
CVE-2022-45597 — CVSS 9.8 (critical): ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report…
CVE-2022-42813 — CVSS 9.8 (critical): A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed…
CVE-2022-34831 — CVSS 9.8 (critical): An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an…
CVE-2022-32563 — CVSS 9.8 (critical): An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate…
CVE-2022-26493 — CVSS 9.8 (critical): Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass…
CVE-2021-29656 — CVSS 9.8 (critical): Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly checked.
CVE-2021-40855 — CVSS 9.8 (critical): The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key…
CVE-2021-33907 — CVSS 9.8 (critical): The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign…
CVE-2020-28907 — CVSS 9.8 (critical): Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via…
CVE-2021-3406 — CVSS 9.8 (critical): A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust…
CVE-2019-8531 — CVSS 9.8 (critical): A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS…
CVE-2020-24715 — CVSS 9.8 (critical): The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks…
CVE-2020-24714 — CVSS 9.8 (critical): The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without…
CVE-2020-12637 — CVSS 9.8 (critical): Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to…
CVE-2020-1952 — CVSS 9.8 (critical): An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no…
CVE-2020-7956 — CVSS 9.8 (critical): HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and…
CVE-2019-18826 — CVSS 9.8 (critical): Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded…
CVE-2019-14910 — CVSS 9.8 (critical): A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS…
CVE-2010-4533 — CVSS 9.8 (critical): offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a…
CVE-2019-18633 — CVSS 9.8 (critical): European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluat…
CVE-2019-18632 — CVSS 9.8 (critical): European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML…
CVE-2018-21029 — CVSS 9.8 (critical): systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is…
CVE-2019-1010275 — CVSS 9.8 (critical): helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server…
CVE-2019-10914 — CVSS 9.8 (critical): pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509…