CWE-295: CWE-295

This vulnerability in Go's crypto/tls package allows TLS session resumption to succeed when it should fail due to certificate authority configuration ...

An improper certificate validation vulnerability in ToDesktop Builder v0.32.1 allows an unauthenticated, on-path attacker to spoof backend responses b...

A critical remote code execution vulnerability in Automai BotManager v25.2.0 allows attackers to execute arbitrary code on affected systems via the Bo...

A critical vulnerability in MHSanaei 3x-ui management panel allows remote attackers to execute arbitrary code by exploiting insecure certificate valid...

This vulnerability allows malicious websites with invalid TLS certificates to bypass WebAuthn security requirements and prompt users for authenticatio...

This vulnerability in TCPDF before version 6.8.0 disables SSL certificate verification when libcurl is used, allowing man-in-the-middle attacks. Any a...

CVE-2024-49369 is a critical TLS certificate validation flaw in Icinga 2 that allows attackers to impersonate trusted cluster nodes and API users usin...

This vulnerability allows unauthenticated attackers to access Alecto IVM-100 camera feeds over the internet by exploiting a custom UDP protocol that l...

This vulnerability in MediaTek's GNSS service allows remote attackers to escalate privileges without user interaction due to improper certificate vali...

LibreOfficeKit mode in LibreOffice versions before 24.2.4 disables TLS certificate verification when fetching remote resources via curl, allowing man-...

A default installation of RustDesk 1.2.3 on Windows automatically installs a test code signing certificate into the Trusted Root Certification Authori...

MeshCentral 1.1.16 fails to properly validate SSL certificates when establishing connections, allowing man-in-the-middle attackers to intercept and ma...

This critical vulnerability in Turing Video Turing Edge+ EVC5FD allows remote attackers to execute arbitrary code and access sensitive information thr...

CVE-2023-40256 allows untrusted clients to interact with RabbitMQ service in Veritas NetBackup Snapshot Manager due to improper certificate validation...

Nanoleaf smart lighting firmware versions 7.1.1 and below lack TLS certificate verification, allowing attackers to intercept communications via DNS hi...

This vulnerability in LibreSSL and OpenBSD's certificate verification allows authentication bypass by discarding errors for unverified certificate cha...

ComponentSpace.Saml2 4.4.0 fails to validate SSL certificates at the application layer during SAML authentication, allowing man-in-the-middle attacks....

CVE-2022-32563 is an authentication bypass vulnerability in Couchbase Sync Gateway that allows unauthenticated users to escalate privileges when X.509...

This vulnerability allows attackers to bypass authentication and authorization in miniOrange Drupal SAML SP modules by removing SAML assertion signatu...

CVE-2022-22885 is a critical vulnerability in Hutool v5.7.18 where the HttpRequest component disables TLS/SSL certificate validation, allowing man-in-...

A critical vulnerability in the EU Digital COVID Certificate system allowed non-production public key certificates to be used in production, potential...

This vulnerability allows attackers to execute arbitrary code with elevated privileges by exploiting improper certificate validation during Zoom Clien...

CVE-2020-28907 is a critical SSL certificate validation vulnerability in Nagios Fusion that allows attackers to escalate privileges to root or execute...

The xmlhttprequest-ssl package for Node.js versions before 1.6.1 disables SSL certificate validation by default, allowing man-in-the-middle attacks. T...

Sydent, an identity server for Matrix, fails to verify SMTP server certificates when sending emails via TLS, making email communications vulnerable to...

This vulnerability in Ayms node-To master branch disables TLS/SSL certificate validation, allowing man-in-the-middle attackers to intercept and manipu...

Alist file list program versions before 3.57.0 disable TLS certificate verification by default for all outgoing storage communications, making all dat...

This vulnerability allows attackers to intercept and manipulate TLS traffic between a mobile application and its server due to missing certificate val...

Tonec Internet Download Manager versions 6.42.41.1 and earlier fail to properly validate SSL certificates during update checks. This allows attackers ...

CVE-2025-7390 allows a malicious client to bypass client certificate authentication in Softing OPC HTTPS servers configured for secure communication o...

This vulnerability in Apache Airflow's MongoDB hook allows SSL/TLS certificate validation to be disabled by default when SSL is enabled, enabling man-...

This vulnerability allows attackers to bypass Precision Bridge's license enforcement by using the same license key on multiple systems. Attackers can ...

This vulnerability in WP-CLI allows attackers who can intercept network traffic to disable TLS certificate verification, enabling man-in-the-middle at...

This vulnerability in Icinga 2 allows revoked certificates to be automatically renewed despite being on a Certificate Revocation List (CRL), bypassing...

This vulnerability allows an attacker to impersonate trusted websites by exploiting a certificate validation flaw in administrator-added certificates....

An authentication bypass vulnerability in Control-M/Agent allows remote attackers to authenticate using expired demo or third-party certificates inste...

A TLS certificate validation vulnerability in Veeam Updater allows man-in-the-middle attackers to intercept update communications and execute arbitrar...

CVE-2021-43882 is a remote code execution vulnerability in Microsoft Defender for IoT that allows attackers to execute arbitrary code on affected syst...