Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-295

CWE-295

Improper Certificate Validation

Parent: CWE-287 - Improper Authentication

The product does not validate, or incorrectly validates, a certificate.

1,395 vulnerabilities with CWE-295

CVE-2026-9259 MEDIUM

Canon Inc. Eos Network Setting Tool For Windows - Improper Certificate Validation

CVE-2026-9258 MEDIUM

Canon Inc. Eos Network Setting Tool For Windows - Improper Certificate Validation

CVE-2026-45170 HIGH

Idira Privilege Cloud Connector: Potential Security Bypass due to Incomplete TLS Certificate Validation

CVE-2026-45175 HIGH

Idira Endpoint Privilege Manager Agent: Security Control and Cryptographic Validation Bypass in Internal Agent Validation Processes

CVE-2026-40992 MEDIUM

Mail Auto-Configuration Does Not Enable SSL Hostname Verification

CVE-2026-53475 CRITICAL

Assisted-migration-agent: tls verification disabled on all vcenter connections

CVE-2026-9758 HIGH

Improper Certificate Validation in S2OPC

CVE-2026-41714 MEDIUM

In Spring AMQP the RabbitConnectionFactoryBean.setUri("amqps://...") bypasses secure SSL setup, uses TrustEverythingTrustManager

CVE-2026-42769 MEDIUM

Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

CVE-2026-50752 HIGH

Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1

CVE-2026-45745 HIGH

Termix has improper certificate validation in Electron desktop client that enables MITM credential/token theft

CVE-2026-41859 HIGH

Cloud Foundry Foundation Bosh < 282.1.9 - Improper Certificate Validation

CVE-2026-49267 MEDIUM

Apache Airflow: No certificate validation on SMTP STARTTLS connections

CVE-2026-47074 HIGH

ex_aws_sns SigningCertURL not validated in verify_message/1

CVE-2026-42790 HIGH

nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification

CVE-2026-42791 LOW

OCSP responder certificate validity period not checked in public_key

CVE-2026-42789 MEDIUM

Non-CA certificate accepted as intermediate issuer in public_key path validation

CVE-2026-45574 HIGH

epa4all-client: TLS Certificate Validation Disabled in Production

CVE-2026-44900 HIGH

epa4all-client: VAU Signature bypass

CVE-2026-44213 MEDIUM

OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured

CVE-2026-42012 HIGH

Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans

CVE-2026-48697 HIGH

FastNetMon Community Edition <= 1.2.9 - Missing TLS Certificate Validation in execute_web_request_secure

CVE-2026-32253 CRITICAL

Sunshine: Authentication bypass via improper client certificate validation

CVE-2026-8992 HIGH

Ivanti Secure Access Client - Improper Certificate Validation

CVE-2026-42508 CRITICAL

Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts

Page 1 of 56 Next

Details

Vulnerabilities 1,395

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy