CWE-295 (证书验证不恰当) — Vulnerability Class 462

462 vulnerabilities classified as CWE-295 (证书验证不恰当). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-40944	Oxia: TLS CA certificate chain validation fails with multi-certificate PEM bundles — oxia	7.5^AI	High^AI	2026-04-21
CVE-2026-39388	OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate — openbao	7.5^AI	High^AI	2026-04-21
CVE-2026-23776	Dell PowerProtect Data Domain（Dell PowerProtect DD）安全漏洞 — PowerProtect Data Domain	7.2	High	2026-04-17
CVE-2026-20184	Cisco Webex Meetings Certificate Validation Vulnerability — Cisco Webex Meetings	9.8	Critical	2026-04-15
CVE-2026-39984	Sigstore Timestamp Authority has Improper Certificate Validation in verifier — timestamp-authority	5.5	Medium	2026-04-14
CVE-2025-40745	Siemens多款产品信任管理问题漏洞 — Siemens Software Center	3.7	Low	2026-04-14
CVE-2026-0233	Autonomous Digital Experience Manager: Improper validation of ADEM certificate — Autonomous Digital Experience Manager	8.8	-	2026-04-13
CVE-2026-5501	Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates — wolfSSL	5.9	-	2026-04-10
CVE-2026-5263	URI nameConstraints not enforced in ConfirmNameConstraints() — wolfSSL	7.5^AI	High^AI	2026-04-09
CVE-2026-5194	wolfSSL ECDSA Certificate Verification — wolfSSL	5.3^AI	Medium^AI	2026-04-09
CVE-2026-35207	deepinid plugin in dde-control-center is configured to skip TLS certificate verification when downloading avatar from remote server — dde-control-center	5.4	Medium	2026-04-09
CVE-2026-33753	Improper Certificate Validation in rfc3161-client — rfc3161-client	6.2	Medium	2026-04-08
CVE-2026-34580	Botan has a certificate authentication bypass due to trust anchor confusion — botan	5.3^AI	Medium^AI	2026-04-07
CVE-2026-4740	Rhacm: open cluster management (ocm): cross-cluster privilege escalation via improper kubernetes client certificate renewal validation — Multicluster Engine for Kubernetes	8.2	High	2026-04-07
CVE-2026-32144	OCSP designated-responder authorization bypass via missing signature verification — OTP	5.9^AI	Medium^AI	2026-04-07
CVE-2026-35389	Bulwark Webmail S/MIME signature verification accepted self-signed certificates — webmail	5.3^AI	Medium^AI	2026-04-06
CVE-2026-35560	Improper certificate validation in identity provider connection components in Amazon Athena ODBC driver — Amazon Athena ODBC driver	7.4	High	2026-04-03
CVE-2026-29140	S/MIME Signature Additional Certificate — Secure Email Gateway	7.5^AI	High^AI	2026-04-02
CVE-2026-20042	Cisco Nexus Dashboard Configuration REST API Unauthorized Access Vulnerability — Cisco Nexus Dashboard	6.5	Medium	2026-04-01
CVE-2026-4370	Improper TLS Client/Server authentication and certificate verification on Database Cluster — Juju	10.0	Critical	2026-04-01
CVE-2026-34073	cryptography has incomplete DNS name constraint enforcement on peer names — cryptography	9.1^AI	Critical^AI	2026-03-31
CVE-2026-32794	Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange — Apache Airflow Provider for Databricks	7.4	-	2026-03-30
CVE-2026-32884	Botan: Case-Insensitive CN Values Bypass DNS excludedSubtrees Name Constraints (RFC 5280 Violation) — botan	5.9	Medium	2026-03-30
CVE-2019-25652	UniFi Network Controller Improper Certificate Validation Leading to Credential Theft via MITM — UniFi Network Controller	7.5	High	2026-03-27
CVE-2026-33896	Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) — forge	7.4	High	2026-03-27
CVE-2025-15612	Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE — Wazuh Provisioning Scripts (Agent Build Environment)	4.8	Medium	2026-03-27
CVE-2026-33542	Incus does not verify combined fingerprint when downloading images from simplestreams servers — incus	7.1	-	2026-03-26
CVE-2026-33308	mod_gnutls missing key purpose check in client certificate verification — mod_gnutls	6.8	Medium	2026-03-24
CVE-2026-4587	HybridAuth SSL Curl.php certificate validation — HybridAuth	3.7	Low	2026-03-23
CVE-2026-4434	Devolutions Server 安全漏洞 — Server	7.4	-	2026-03-20

Vulnerabilities classified as CWE-295 (证书验证不恰当) represent 462 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-295 (证书验证不恰当) — Vulnerability Class 462