Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-295

CWE-295

Improper Certificate Validation

Parent: CWE-287 - Improper Authentication

The product does not validate, or incorrectly validates, a certificate.

1,395 vulnerabilities with CWE-295

CVE-2025-29883 HIGH

File Station 5 <5.5.6.4791 - Improper Certificate Validation

CVE-2025-22486 HIGH

QNAP File Station 5.5.6.4691-5.5.6.4791 - Improper Certificate Validation

CVE-2025-5025 MEDIUM

curl 8.5.0-8.13.9 - Improper Certificate Validation in QUIC HTTP/3 with wolfSSL

CVE-2025-4947 MEDIUM

curl 8.8.0-8.13.0 - Improper Certificate Validation for QUIC Connections via IP Address URL

CVE-2025-5279 HIGH

Amazon Redshift Python Connector 2.0.872-2.1.7 - Improper Certificate Validation

CVE-2025-4575 MEDIUM

OpenSSL 3.5 - Improper Certificate Validation via -addreject Option

CVE-2025-32407 MEDIUM

Samsung Internet for Galaxy Watch 5.0.9 - Improper Certificate Validation

CVE-2025-3463 CRITICAL

ASUS DriverHub - Improper Certificate Validation via Crafted HTTP Requests

CVE-2025-20157 MEDIUM

Cisco Catalyst SD-WAN Manager - Info Disclosure

CVE-2025-46551 LOW

JRuby-OpenSSL 0.12.1-0.15.3 and JRuby 9.3.4.0-9.4.12.0 and 10.0.0.0 - Improper Certificate Validation

CVE-2025-3218 MEDIUM

IBM i 7.2-7.6 - Improper Certificate Validation in Netserver

CVE-2025-37730 MEDIUM

Logstash 8.0.0-8.17.5, 8.18.0, 9.0.0 - Improper Certificate Validation in TCP Output

CVE-2025-20670 MEDIUM

MediaTek NR16 NR17 NR17R - Remote Information Disclosure via Improper Certificate Validation

CVE-2025-27820 HIGH

Apache HttpClient 5.4-5.4.2 - Improper Certificate Validation in PSL Domain Check Logic

CVE-2025-28169 HIGH

BYD QIN PLUS DM-i Dilink OS - Info Disclosure

CVE-2025-26478 LOW

Dell ECS < 3.8.1.4 & ObjectScale < 4.0.0.0 - Unauthenticated Info Disclosure via Cert Validation

CVE-2025-22459 MEDIUM

Ivanti Endpoint Manager <2024 SU1, <2022 SU7 - Info Disclosure

CVE-2025-30000 MEDIUM

Siemens License Server <V4.3 - Privilege Escalation

CVE-2025-0254 MEDIUM

HCL Digital Experience <9.5 CF226 - SSRF

CVE-2025-23118 MEDIUM

UniFi Protect < - Privilege Escalation

CVE-2025-1001 MEDIUM

Medixant RadiAnt DICOM Viewer - MITM

CVE-2025-1002 MEDIUM

MicroDicom DICOM Viewer 2024.03 - MITM

CVE-2025-1193 HIGH

Devolutions Remote Desktop Manager < 2024.3.20.0 - Improper Certificate Validation

CVE-2025-23114 CRITICAL

Veeam Backup for AWS < 7.0 - Remote Code Execution via TLS Certificate Validation Failure

CVE-2025-1014 HIGH

Firefox < 128.7.0 and < 135.0 - Improper Certificate Validation

Previous Page 11 of 56 Next

Details

Vulnerabilities 1,395

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy