VYPR

CWE-295

Improper Certificate Validation

Abstraction: Base · Status: Draft

Description

The product does not validate, or incorrectly validates, a certificate.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-459 · CAPEC-475

CVEs mapped to this weakness (720)

page 22 of 36
  • CVE-2026-0244 · Med · May 13, 2026
    risk 0.34 · cvss n/a · epss 0.00

    An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION enables a man-in-the-middle (MitM) attacker to impersonate the controller.

  • CVE-2026-29140 · Med · Apr 2, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures.

  • CVE-2025-12047 · Med · Nov 12, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose sensitive user files from the application.

  • CVE-2025-10699 · Med · Oct 15, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure.

  • CVE-2025-2183 · Med · Aug 13, 2025
    risk 0.34 · cvss n/a · epss 0.00

    An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install…

  • CVE-2025-32989 · Med · Jul 10, 2025
    risk 0.34 · cvss 5.3 · epss 0.01

    A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT…

  • CVE-2018-12087 · Med · Oct 3, 2018
    risk 0.34 · cvss 5.3 · epss 0.00

    Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords.

  • CVE-2017-8213 · Med · Nov 22, 2017
    risk 0.34 · cvss 5.3 · epss 0.01

    Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handling TLS and DTLS handshakes with certificates.…

  • CVE-2026-40974 · Med · Apr 28, 2026
    risk 0.33 · cvss 5.0 · epss 0.00

    Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19),…

  • CVE-2026-40971 · Med · Apr 27, 2026
    risk 0.33 · cvss 5.0 · epss 0.00

    When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14) per vendor advisory.

  • CVE-2026-33753 · Med · Apr 8, 2026
    risk 0.33 · cvss 6.2 · epss 0.00

    rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority (TSA). By…

  • CVE-2005-3170 · Med · Oct 6, 2005
    risk 0.33 · cvss 5.0 · epss 0.01

    The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a…

  • CVE-2026-0249 · Med · May 13, 2026
    risk 0.32 · cvss n/a · epss 0.00

    Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enable an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an…

  • CVE-2024-31955 · Med · Oct 15, 2024
    risk 0.32 · cvss 4.9 · epss 0.00

    An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Code bypass through Electromagnetic Fault Injection allows an attacker to successfully authenticate and write to the RPMB (Replay Protected Memory Block) area without possessing secret information.

  • CVE-2015-3152 · Med · May 16, 2016
    risk 0.32 · cvss 5.9 · epss 0.07

    Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM"…

  • CVE-2026-49267 · Med · Jun 1, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used `[email] smtp_starttls=True` without `[email] smtp_ssl`. An attacker positioned between the…

  • CVE-2026-48249 · Med · May 21, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile_login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) for the outbound HTTPS requests issued during the mobile (RouteMate) login flow. An…

  • CVE-2026-48248 · Med · May 21, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) for the outbound HTTPS requests issued during the login/authentication flow. An attacker…

  • CVE-2026-48247 · Med · May 21, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) for the general-purpose outbound HTTPS requests issued by the…

  • CVE-2026-48246 · Med · May 21, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for Google Maps Directions API lookups during incident report…
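Most TLS-client entries on this page are one of two failures: chain verification switched off outright (the CURLOPT_SSL_VERIFYPEER=false entries, the unverified STARTTLS connection, the LDAPS client that accepted an untrusted CA), so any certificate is accepted; or the chain is verified but the server name is not (the Spring Boot Cassandra and RabbitMQ entries), so a certificate issued by a trusted CA for any other name is accepted. The Python below is an added example, not code from any project listed here. It builds the two weakened contexts next to the secure default, implements RFC 6125-style name matching over a certificate in the dict shape `ssl.SSLSocket.getpeercert()` returns, and models the client's accept/reject decision; the certificates are constructed dicts, not real certificates, and `chain_trusted` stands in for the path-validation result a real handshake would compute.

```python
"""Added example: the two CWE-295 client failure modes seen on this page, modelled offline."""
from __future__ import annotations

import ipaddress
import ssl


def client_context(verify_chain: bool = True, verify_hostname: bool = True) -> ssl.SSLContext:
    """Start from ssl.create_default_context() and weaken it as requested.

    verify_chain=False is the CURLOPT_SSL_VERIFYPEER=false analogue. Python only
    allows CERT_NONE once check_hostname is cleared, so dropping chain verification
    drops hostname verification too."""
    ctx = ssl.create_default_context()
    if not verify_hostname or not verify_chain:
        ctx.check_hostname = False
    if not verify_chain:
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """What a code review or a unit test should flag on a client context."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("verify_mode is CERT_NONE: the peer chain is never validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: a certificate for any name is accepted")
    return findings


def _dns_id_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 DNS-ID matching as browsers apply it: case-insensitive; '*' only as
    the whole left-most label; never matches across a dot; bare '*' and '*.tld'
    patterns are rejected (at least two fixed labels must remain)."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or "*" in pattern[1:] or len(p_labels) < 3:
        return False
    return len(p_labels) == len(h_labels) and h_labels[0] != "" and p_labels[1:] == h_labels[1:]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """Does `hostname` appear in the subjectAltName of `cert` (getpeercert() shape)?

    Only the SAN is consulted; the Subject CN fallback is deliberately omitted, as in
    current browsers. An IP literal must equal an 'IP Address' SAN and is never
    compared with DNS names."""
    try:
        wanted_ip = ipaddress.ip_address(hostname)
    except ValueError:
        wanted_ip = None
    for kind, value in cert.get("subjectAltName", ()):
        if wanted_ip is not None:
            if kind == "IP Address":
                try:
                    if ipaddress.ip_address(value) == wanted_ip:
                        return True
                except ValueError:
                    continue
        elif kind == "DNS" and _dns_id_matches(value, hostname):
            return True
    return False


def would_accept(ctx: ssl.SSLContext, cert: dict, hostname: str, chain_trusted: bool) -> bool:
    """Model of the client's decision; `chain_trusted` stands in for path validation
    against ctx's trust store, which a real handshake would compute."""
    if ctx.verify_mode != ssl.CERT_NONE and not chain_trusted:
        return False
    if ctx.check_hostname and not hostname_matches(cert, hostname):
        return False
    return True


# Constructed sample certificates in getpeercert() shape (not real certificates).
NODE_CERT = {
    "subject": ((("commonName", "cassandra-1.db.example.internal"),),),
    "subjectAltName": (
        ("DNS", "cassandra-1.db.example.internal"),
        ("DNS", "*.db.example.internal"),
        ("IP Address", "10.20.30.40"),
    ),
}
# What a hostile peer can present: validly issued by a CA the client trusts, but
# for a name the client never asked for.
OTHER_CERT = {
    "subject": ((("commonName", "attacker.example.org"),),),
    "subjectAltName": (("DNS", "attacker.example.org"),),
}

if __name__ == "__main__":
    target = "cassandra-1.db.example.internal"
    for label, ctx in [("secure defaults", client_context()),
                       ("no hostname check", client_context(verify_hostname=False)),
                       ("no chain check", client_context(verify_chain=False))]:
        print(f"{label:18} accepts OTHER_CERT from a trusted CA: "
              f"{would_accept(ctx, OTHER_CERT, target, chain_trusted=True)}; "
              f"findings: {audit_context(ctx) or 'none'}")
```

Only the "secure defaults" context rejects OTHER_CERT. The "no hostname check" context is the Spring Boot condition: a valid certificate for an unrelated name is enough to impersonate the broker. The "no chain check" context is the VERIFYPEER=false condition: it accepts OTHER_CERT even when `chain_trusted` is False, that is, a self-signed certificate works. The same reasoning applies to the curl entries: leave CURLOPT_SSL_VERIFYPEER at its default (true) and CURLOPT_SSL_VERIFYHOST at 2, and point CURLOPT_CAINFO at the bundle you actually trust.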