The product does not validate, or incorrectly validates, a certificate.
1,395 vulnerabilities with CWE-295
CVE-2026-27221
MEDIUM
Acrobat Reader <25.001.21265 - Auth Bypass
CVSS 5.5
CVE-2026-3822
MEDIUM
Taipower APP - Improper Certificate Validation
CVSS 6.5
CVE-2026-24281
HIGH
Apache ZooKeeper <3.8.6/3.9.5 - Auth Bypass
CVSS 7.4
CVE-2026-30840
HIGH
wallos < 4.6.2 - Server-Side Request Forgery via Notification Tester
CVSS 8.8
CVE-2026-27138
MEDIUM
Go standard library crypto/x509 1.26.0 - Denial of Service via Empty DNS Name in Certificate Chain
CVSS 5.9
CVE-2026-27137
HIGH
OpenSSL - Certificate Validation Bypass
CVSS 7.5
CVE-2026-30794
HIGH
RustDesk Client <1.4.5 - Auth Bypass
CVSS 8.1
CVE-2026-2748
MEDIUM
SEPPmail Secure Email Gateway <15.0.1 - Auth Bypass
CVSS 5.3
CVE-2026-2590
CRITICAL
Devolutions Remote Desktop Manager <=2025.3.30 - Auth Bypass
CVSS 9.8
CVE-2026-3336
HIGH
AWS-LC 1.41.0-1.68.0 - Unauthenticated Certificate Chain Verification Bypass in PKCS7_verify()
CVSS 7.5
CVE-2026-3100
MEDIUM
ASUSTOR ADM FTP Backup - TLS Certificate Validation Man-in-the-Middle
CVSS 6.5
CVE-2026-27134
HIGH
Strimzi 0.49.0-0.50.0 - Auth Bypass
CVSS 8.1
CVE-2026-27133
MEDIUM
Strimzi 0.47.0-0.50.1 - Auth Bypass
CVSS 5.9
CVE-2026-24122
LOW
sigstore cosign < 3.0.5 - Improper Certificate Validation
CVSS 3.7
CVE-2026-0872
LOW
Thales SafeNet Agent <4.1.2 - Signature Spoofing
CVE-2026-0228
LOW
Palo Alto Networks Cloud NGFW and PAN-OS - Improper Certificate Validation
CVE-2026-21228
HIGH
Azure Local < 2510.0.3002 - Unauthenticated Remote Code Execution via Improper Certificate Validation
CVSS 8.1
CVE-2026-25961
HIGH
SumatraPDF 3.5.0-3.5.2 - Remote Code Execution via Update Mechanism TLS Hostname Verification Bypass
CVSS 7.5
CVE-2026-22613
MEDIUM
Eaton Network M3 < 2.3.3 - Man-in-the-Middle Attack via Insecure Firmware Upgrade Certificate Validation
CVSS 5.7
CVE-2026-25644
HIGH
DataHub < 1.3.1.8 - TLS Downgrade to MITM via LDAP Ingestion Source
CVSS 7.5
CVE-2026-25160
CRITICAL
Alist < 3.57.0 - Man-in-the-Middle via Disabled TLS Certificate Verification
CVSS 9.1
CVE-2026-24935
MEDIUM
ASUSTOR ADM NAT Traversal - TLS Certificate Validation Man-in-the-Middle
CVSS 5.6
CVE-2026-24934
LOW
ADM <4.3.3.ROF1, <5.1.1.RCI1 - Info Disclosure
CVSS 3.7
CVE-2026-24933
MEDIUM
ASUSTOR Data Master 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.1.RCI1 - Improper Certificate Validation in API Communication
CVSS 5.9
CVE-2026-24932
MEDIUM
ASUSTOR Data Master 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.1.RCI1 - Improper Certificate Validation in DDNS Update Function
CVSS 5.9
Details
Vulnerabilities
1,395