Weaknesses of type CWE-295
685 resultsCVE-2023-5594HIGHImproper following of a certificate's chain of trust in ESET security productsEPSS 0.4%CVE-2022-1197MEDIUMWhen importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the keyEPSS 0.4%CVE-2023-0547MEDIUMOCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be acceEPSS 0.4%CVE-2023-0430MEDIUMCertificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayEPSS 0.4%CVE-2022-45419MEDIUMIf the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certifiEPSS 0.4%CVE-2022-34865MEDIUMTraffic intelligence feeds vulnerability CVE-2022-34865EPSS 0.4%CVE-2022-34469HIGHWhen a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificatEPSS 0.4%CVE-2024-31489MEDIUMAAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinEPSS 0.4%CVE-2024-41334HIGHDraytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior EPSS 0.4%CVE-2024-52329CRITICALECOVACS HOME mobile app plugins do not properly validate TLS certificatesEPSS 0.4%CVE-2023-1409MEDIUMCertificate validation issue in MongoDB Server running on Windows or macOSEPSS 0.4%CVE-2024-13956HIGHSSL Verification BypassEPSS 0.4%CVE-2022-39161MEDIUMIBM WebSphere Application Server information disclosureEPSS 0.4%CVE-2022-48437MEDIUMAn issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain doesEPSS 0.4%CVE-2023-20881HIGHCloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drainEPSS 0.4%CVE-2025-1014HIGHCertificate length was not properly checkedEPSS 0.4%CVE-2025-1193HIGHImproper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows aEPSS 0.4%CVE-2024-54849MEDIUMAn issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a EPSS 0.4%CVE-2026-32794MEDIUMApache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token ExchangeEPSS 0.4%CVE-2024-4062LOWHualai Xiaofang iSC5 certificate validationEPSS 0.4%