Skip to main content

CWE-599

Missing Validation of OpenSSL Certificate

9 CVEs Avg CVSS 6.5 MITRE
0
CRITICAL
4
HIGH
5
MEDIUM
0
LOW
3
POC
0
KEV

Monthly

CVE-2026-62657 MEDIUM PATCH This Month

A security flaw in the router's certificate validation process was discovered in the NETGEAR XR1000 Gaming Router and certain Nighthawk models that could allow an unauthorized person to remotely access and take control of the device.

Authentication Bypass Netgear Mr70 Ms70 Raxe500 +1
NVD
CVSS 4.0
4.9
EPSS
0.1%
CVE-2026-25060 Go HIGH PATCH This Week

OpenList versions prior to 4.1.10 disable TLS certificate verification by default in storage driver communications, enabling man-in-the-middle attacks where network-positioned attackers can intercept, decrypt, and manipulate all data exchanges with storage backends. This misconfiguration affects any deployment relying on OpenList Frontend's default settings and can be exploited via ARP spoofing, rogue access points, or compromised network infrastructure to redirect traffic to attacker-controlled servers. A patch is available in version 4.1.10 and later.

TLS Openlist Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-63432 MEDIUM POC This Month

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Xtool Anyscan Android
NVD GitHub
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-56232 MEDIUM POC This Week

GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gog Galaxy
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-56230 HIGH POC This Month

Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Docs
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-56146 MEDIUM This Month

Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-41265 Go HIGH This Week

A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-41253 HIGH This Week

goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-36755 MEDIUM This Month

D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

D-Link Information Disclosure Dir 1950 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.1%
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A security flaw in the router's certificate validation process was discovered in the NETGEAR XR1000 Gaming Router and certain Nighthawk models that could allow an unauthorized person to remotely access and take control of the device.

Authentication Bypass Netgear Mr70 +3
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

OpenList versions prior to 4.1.10 disable TLS certificate verification by default in storage driver communications, enabling man-in-the-middle attacks where network-positioned attackers can intercept, decrypt, and manipulate all data exchanges with storage backends. This misconfiguration affects any deployment relying on OpenList Frontend's default settings and can be exploited via ARP spoofing, rogue access points, or compromised network infrastructure to redirect traffic to attacker-controlled servers. A patch is available in version 4.1.10 and later.

TLS Openlist Suse
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM POC This Month

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Xtool Anyscan +1
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM POC This Week

GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gog Galaxy
NVD
EPSS 0% CVSS 7.5
HIGH POC This Month

Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Docs
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

D-Link Information Disclosure Dir 1950 Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy