CVEs classified under CWE-297, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (34)
CVE-2025-46408 — CVSS 9.8 (critical): An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpC…
CVE-2025-68637 — CVSS 9.1 (critical): The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure…
CVE-2026-35563 — CVSS 8.5 (high): It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP…
CVE-2025-3501 — CVSS 8.2 (high): A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is…
CVE-2025-2190 — CVSS 8.1 (high): The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks.
CVE-2018-10936 — CVSS 8.1 (high): A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a…
CVE-2026-54275 — CVSS 7.5 (high): AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be…
CVE-2025-25253 — CVSS 7.5 (high): An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and…
CVE-2024-34447 — CVSS 7.5 (high): An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS)…
CVE-2026-44393 — CVSS 7.4 (high): An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname…
CVE-2026-41603 — CVSS 7.4 (high): Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0…
CVE-2026-26214 — CVSS 7.4 (high): Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the…
CVE-2024-37015 — CVSS 7.4 (high): An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to…
CVE-2020-14387 — CVSS 7.4 (high): A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote…
CVE-2026-43869 — CVSS 7.3 (high): Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0…
CVE-2024-12925 — CVSS 7.3 (high): Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows HTTP Response Splitting. This issue…
CVE-2026-44467 — CVSS 6.8 (medium): The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to…
CVE-2026-22747 — CVSS 6.8 (medium): Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN…
CVE-2024-49782 — CVSS 6.8 (medium): IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker…
CVE-2024-2462: Allow attackers to intercept or falsify data exchanges between the client and the server
CVE-2024-2466 — CVSS 6.5 (medium): libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS…
CVE-2016-1280 — CVSS 6.5 (medium): PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before…
CVE-2014-3603 — CVSS 5.9 (medium): The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java…
CVE-2017-2912 — CVSS 5.9 (medium): An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for…
CVE-2017-2911 — CVSS 5.9 (medium): An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for…
CVE-2026-12162 — CVSS 5.5 (medium): Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose…
CVE-2025-59060 — CVSS 5.3 (medium): Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are…
CVE-2025-15079 — CVSS 5.3 (medium): When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting…
CVE-2023-24568 — CVSS 5.0 (medium): Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow…
CVE-2025-49015 — CVSS 4.9 (medium): The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK…
CVE-2024-54019 — CVSS 4.8 (medium): A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0…
CVE-2025-4295 — CVSS 4.6 (medium): Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows HTTP Response Splitting. This issue affects…
CVE-2014-3522 — CVSS 4.0 (medium): The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the…