VYPR

CWE-295

Improper Certificate Validation

BaseDraft

Description

The product does not validate, or incorrectly validates, a certificate.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-459 · CAPEC-475

CVEs mapped to this weakness (720)

page 23 of 36
  • CVE-2026-44312MedMay 14, 2026
    risk 0.31cvss 5.8epss 0.00

    css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with…

  • CVE-2026-44363MedMay 13, 2026
    risk 0.31cvss epss 0.00

    MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The html_to_markdown module accepted arbitrary HTTP(S) URLs without sufficient…

  • CVE-2026-8367MedMay 13, 2026
    risk 0.31cvss 4.8epss 0.00

    aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.

  • CVE-2026-4873MedMay 13, 2026
    risk 0.31cvss 5.9epss 0.00

    A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request to that same host bypasses the TLS…

  • CVE-2026-42225MedMay 7, 2026
    risk 0.31cvss 5.9epss 0.00

    PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid or untrusted certificates even when the application explicitly enables…

  • CVE-2026-41016MedApr 30, 2026
    risk 0.31cvss 5.9epss 0.00

    Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate,…

  • CVE-2025-10539MedApr 28, 2026
    risk 0.31cvss 4.8epss 0.00

    Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request.…

  • CVE-2026-40557MedApr 27, 2026
    risk 0.31cvss 4.8epss 0.00

    Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description:  In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skip_tls_valida…

  • CVE-2026-34477MedApr 10, 2026
    risk 0.31cvss 5.9epss 0.00

    The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName …

  • CVE-2026-32884MedMar 30, 2026
    risk 0.31cvss 5.9epss 0.00

    Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the…

  • CVE-2026-27138MedMar 6, 2026
    risk 0.31cvss 5.9epss 0.00

    Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.

  • CVE-2026-1778MedFeb 2, 2026
    risk 0.31cvss 5.9epss 0.00

    Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed.

  • CVE-2025-60022MedNov 17, 2025
    risk 0.31cvss 4.8epss 0.00

    Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on and/or tamper with an encrypted communication.

  • CVE-2025-58781MedSep 12, 2025
    risk 0.31cvss 4.8epss 0.00

    WTW-EAGLE App does not properly validate server certificates, which may allow a man-in-the-middle attacker to monitor encrypted traffic.

  • CVE-2024-31340MedMay 22, 2024
    risk 0.31cvss 4.8epss 0.00

    TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.

  • CVE-2024-27440MedMar 13, 2024
    risk 0.31cvss 4.8epss 0.00

    The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted…

  • CVE-2017-7468MedJul 16, 2018
    risk 0.31cvss 4.8epss 0.02

    In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the…

  • CVE-2018-0334MedJun 7, 2018
    risk 0.31cvss 4.8epss 0.01

    A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check…

  • CVE-2016-10536MedMay 31, 2018
    risk 0.31cvss 5.9epss 0.01

    engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the `rejectUnauthorized` setting. If the value is…

  • CVE-2017-1000396MedJan 26, 2018
    risk 0.31cvss 5.9epss 0.01

    Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive…