CWE-599
14 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-599page 1 of 1
- CVE-2021-21374HIGHCVSS 8.1EG 8.12021-03-26
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due …
- CVE-2022-31105HIGHCVSS 8.3EG 8.32022-07-12
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust …
- CVE-2023-48052HIGHCVSS 7.4EG 7.42023-11-16
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
- CVE-2024-31872HIGHCVSS 7.5EG 7.52024-04-10
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316.
- CVE-2024-36755MEDIUMCVSS 6.8EG 6.82024-06-27
D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-mi…
- CVE-2024-40464HIGHCVSS 8.8EG 8.82024-07-31
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file
- CVE-2024-41253HIGHCVSS 7.1EG 7.12024-07-31
goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component.
- CVE-2024-41265HIGHCVSS 7.5EG 7.52024-08-01
A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function.
- CVE-2025-12553CRITICALCVSS 9.8EG 9.82025-10-31
Email Server Certificate Verification Disabled.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-56146MEDIUMCVSS 5.3EG 5.32025-09-23
Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity.
- CVE-2025-56230HIGHCVSS 7.5EG 7.52025-11-04
Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component.
- CVE-2025-56232MEDIUMCVSS 6.8EG 6.82025-11-05
GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle (MitM) attack to intercept update requests and replace installer or update pack…
- CVE-2025-63432MEDIUMCVSS 4.6EG 4.62025-11-24
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vu…
- CVE-2026-25060HIGHCVSS 8.1EG 8.12026-02-02
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting is default to true in the DefaultConfig() function …
Map vulnerabilities like CWE-599 to your infrastructure
EchelonGraph correlates every CVE — across CWE-599 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →