CWE-298— Improper Validation of Certificate Expiration
A certificate expiration is not validated or is incorrectly validated.— MITRE CWE catalog
8 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-298page 1 of 1
- CVE-2023-42446MEDIUMCVSS 6.5EG 6.52023-09-18
Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of `Pow.Store.Backend.MnesiaCache` is susceptible to session hijacking as expired keys are no…
- CVE-2024-1248MEDIUMCVSS 5.3EG 4.82026-07-04
The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provis…
- CVE-2025-4384MEDIUMCVSS 6.0EG 6.02025-05-06
The MQTT add-on of PcVue fails to verify that a remote device’s certificate has not already expired or has not yet become valid. This allows malicious devices to present certificates that are not rejected properly. The use of a client c…
- CVE-2025-59036MEDIUMCVSS 5.5EG 5.52025-09-09
Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versiond 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any…
- CVE-2025-61736HIGHCVSS 7.1EG 7.12025-12-17
Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires.
- CVE-2025-67108CRITICALCVSS 10.0EG 10.02025-12-23
eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.
- CVE-2025-67109CRITICALCVSS 10.0EG 10.02025-12-23
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.
- CVE-2026-9097CRITICALCVSS 9.8EG 9.82026-05-28
Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oauth.go validates the JWT signature and parses its claims, but never queries the T…
Map vulnerabilities like CWE-298 to your infrastructure
EchelonGraph correlates every CVE — across CWE-298 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →