Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-295

CWE-295

Improper Certificate Validation

Parent: CWE-287 - Improper Authentication

The product does not validate, or incorrectly validates, a certificate.

1,397 vulnerabilities with CWE-295

CVE-2024-45205 HIGH

Unifi iOS App <10.18.0 - Info Disclosure

CVE-2024-5921 HIGH

Palo Alto Networks GlobalProtect - Improper Certificate Validation

CVE-2024-52510 MEDIUM

Nextcloud Desktop 3.0.0-3.14.1 - Improper Certificate Validation via Empty Initial Signature

CVE-2024-5918 MEDIUM

Palo Alto Networks PAN-OS - Improper Certificate Validation in GlobalProtect Portal/Gateway

CVE-2024-49369 CRITICAL

Icinga 2.4.0-2.11.11 - Improper Certificate Validation

CVE-2024-51774 HIGH

qBittorrent <5.0.1 - Info Disclosure

CVE-2024-30149 MEDIUM

HCL AppScan Source <= 10.6.0 - Info Disclosure

CVE-2024-43177 MEDIUM

IBM Concert 1.0.0 and 1.0.1 - Improper Certificate Validation

CVE-2024-47241 MEDIUM

Dell Secure Connect Gateway (SCG) <5.24 - Improper Certificate Vali...

CVE-2024-22030 HIGH

Rancher 2.7.0-2.9.2 URL Certificate Validation - Man-in-the-Middle

CVE-2024-31955 MEDIUM

Samsung eMMC KLMAG2GE4A and KLM8G1WEMB - Improper Certificate Validation via Electromagnetic Fault Injection

CVE-2024-48915 HIGH

agent_dart < 1.0.0-dev.29 - Improper Certificate Validation in _checkDelegation Function

CVE-2024-43550 HIGH

Windows Secure Channel - Spoofing via Improper Certificate Validation

CVE-2024-7206 HIGH

eWeLink Zigbee Bridge Pro <= 2.0.0 - SSL Pinning Bypass Secret Extraction

CVE-2024-20385 MEDIUM

Cisco Nexus Dashboard Orchestrator - Info Disclosure

CVE-2024-9160 MEDIUM

PEADM Forge Module <3.24.0 - Info Disclosure

CVE-2024-38861 HIGH

MikroTik 2.0.0-2.5.5 and 0.4a_mk-2.0a - Improper Certificate Validation

CVE-2024-30134 MEDIUM

HCL Traveler for Microsoft Outlook < 3.0.9 - Improper Certificate Validation

CVE-2024-38324 MEDIUM

IBM Storage Defender <2.0.8 - Info Disclosure

CVE-2024-43201 HIGH

Planet Fitness Workouts - Info Disclosure

CVE-2024-8287 HIGH

Anbox Management Service <1.23.0 - Info Disclosure

CVE-2024-8096 MEDIUM

curl 7.41.0-8.10.0 - Improper Certificate Validation via OCSP Stapling

CVE-2024-31489 MEDIUM

FortiClient 7.0.0-7.0.11, 7.2.0-7.2.4 - Unauthenticated MITM via ZTNA Tunnel Certificate Validation

CVE-2024-40714 HIGH

TLS Certificate Validation - Info Disclosure

CVE-2024-38642 HIGH

QuMagie < 2.3.1 - Improper Certificate Validation

Previous Page 14 of 56 Next

Details

Vulnerabilities 1,397

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy