CWE-295 (Improper Certificate Validation) — Vulnerability Class 462

462 vulnerabilities classified as CWE-295 (Improper Certificate Validation). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-64685 | JetBrains YouTrack Trust Management Issue Vulnerability — YouTrack | 8.1 | High | 2025-11-10 |
| CVE-2025-54470 | NeuVector telemetry sender is vulnerable to MITM and DoS — neuvector | 8.6 | High | 2025-10-30 |
| CVE-2025-11619 | Devolutions Server Security Vulnerability — Devolutions Server | 5.9 (AI) | Medium (AI) | 2025-10-15 |
| CVE-2025-62375 | go-witness Improper Verification of AWS EC2 Identity Documents — go-witness | 9.1 | - | 2025-10-15 |
| CVE-2025-62371 | OpenSearch Data Prepper plugins trusts all SSL certificates by default — data-prepper | 7.4 | High | 2025-10-15 |
| CVE-2025-10699 | Lenovo LeCloud Security Vulnerability — LeCloud Client | 5.3 | Medium | 2025-10-15 |
| CVE-2025-6026 | Lenovo Universal Device Client Security Vulnerability — Universal Device Client | 3.1 | Low | 2025-10-15 |
| CVE-2025-11695 | Configuration may unexpectedly disable certificate validation — Rust Driver | 8.0 | High | 2025-10-13 |
| CVE-2025-11633 | Tomofun Furbo 360/Furbo Mini HTTP Traffic collect_logs.sh upload_file_to_s3 certificate validation — Furbo 360 | 3.7 | Low | 2025-10-12 |
| CVE-2025-34235 | Vasion Print (formerly PrinterLogic) Weak SSL/TLS Certificate Validation RCE — Print Virtual Appliance Host | 9.8 (AI) | Critical (AI) | 2025-09-29 |
| CVE-2025-10548 | Missing Certificate Validation in CleverControl Installer Allows Remote Code Execution — CleverControl employee monitoring software | 8.1 (AI) | High (AI) | 2025-09-23 |
| CVE-2024-13990 | MicroWorld eScan AV Insecure Update Mechanism Allows Man-in-the-Middle Replacement of Updates — eScan AV | 8.1 | - | 2025-09-19 |
| CVE-2025-34199 | Vasion Print (formerly PrinterLogic) Insecure SSL Verification Allows Man-in-the-Middle Attacks — Print Virtual Appliance Host | 9.8 | - | 2025-09-19 |
| CVE-2025-59353 | Manager generates mTLS certificates for arbitrary IP addresses — dragonfly | 6.5 (AI) | Medium (AI) | 2025-09-17 |
| CVE-2025-59347 | Dragonfly Manager makes requests to external endpoints with disabled TLS authentication — dragonfly | 7.4 (AI) | High (AI) | 2025-09-17 |
| CVE-2025-35434 | CISA Thorium does not validate TLS connections to Elasticsearch — Thorium | 4.2 | Medium | 2025-09-17 |
| CVE-2025-9708 | Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks — Kubernetes CSharp Client | 6.8 | Medium | 2025-09-16 |
| CVE-2025-55109 | BMC Control-M/Agent default SSL/TLS configuration authenticated bypass — Control-M/Agent | 9.0 | Critical | 2025-09-16 |
| CVE-2025-58781 | WTW-EAGLE App Trust Management Issue Vulnerability — WTW-EAGLE App for iOS | 5.9 | - | 2025-09-12 |
| CVE-2025-9785 | Misconfigured certificate validation with self-signed certificates for Print Deploy — Print Deploy | 7.4 (AI) | High (AI) | 2025-09-03 |
| CVE-2025-33099 | IBM Concert Software information disclosure — Concert Software | 5.9 | Medium | 2025-09-01 |
| CVE-2025-30278 | Qsync Central — Qsync Central | 7.4 | - | 2025-08-29 |
| CVE-2025-30277 | Qsync Central — Qsync Central | 7.4 | - | 2025-08-29 |
| CVE-2025-58127 | Lack of TLS validation in plugin Dell Powerscale on Checkmk Exchange | 5.9 (AI) | Medium (AI) | 2025-08-28 |
| CVE-2025-58126 | Lack of TLS validation in plugin VMware vSAN on Checkmk Exchange | 5.9 (AI) | Medium (AI) | 2025-08-28 |
| CVE-2025-58125 | Lack of TLS validation in plugin Freebox v6 agent on Checkmk Exchange | 5.9 (AI) | Medium (AI) | 2025-08-28 |
| CVE-2025-58124 | Lack of TLS validation in plugin check-mk-api on Checkmk Exchange | 5.9 (AI) | Medium (AI) | 2025-08-28 |
| CVE-2025-58123 | Lack of TLS validation in plugin BGP Monitoring on Checkmk Exchange | - | - (AI) | 2025-08-28 |
| CVE-2025-7390 | Bypass the client certificate trust check of an opc.https server while only secure communication is allowed — OPC UA C++ SDK | 9.1 | Critical | 2025-08-21 |
| CVE-2025-33142 | IBM WebSphere Application Server information disclosure — WebSphere Application Server | 5.3 | Medium | 2025-08-14 |

462 CVEs are classified as CWE-295 (Improper Certificate Validation). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.