CVEs classified under CWE-298, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2025-67109 — CVSS 10.0 (critical): Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and…
CVE-2025-67108 — CVSS 10.0 (critical): eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and…
CVE-2025-61736: Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate…
CVE-2025-4384: The MQTT add-on of PcVue fails to verify that a remote device’s certificate has not already expired or has not yet become valid. This…
CVE-2025-59036 — CVSS 5.5 (medium): Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versiond 1.3.9 and 1.4.5, a bug in the authentication…
CVE-2024-1248 — CVSS 4.8 (medium): The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles…