CWE-345 · Insufficient Verification of Data Authenticity

610 CVEs classified under CWE-345 (Insufficient Verification of Data Authenticity).

Top CVEs for CWE-345
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-44523 | Critical | 10.0 | 2026-05-14 | Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The appli… |
| CVE-2026-35051 | Critical | 10.0 | 2026-04-30 | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traef… |
| CVE-2025-66570 | Critical | 10.0 | 2025-12-05 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to i… |
| CVE-2023-4699 | Critical | 10.0 | 2023-11-06 | Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R seri… |
| CVE-2026-48781 | Critical | 9.9 | 2026-06-17 | Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob into a sessio… |
| CVE-2022-36130 | Critical | 9.9 | 2022-09-01 | HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potent… |
| CVE-2026-50214 | Critical | 9.8 | 2026-06-04 | The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access p… |
| CVE-2026-39324 | Critical | 9.8 | 2026-04-07 | Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when c… |
| CVE-2026-33729 | Critical | 9.8 | 2026-03-27 | OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, u… |
| CVE-2025-15385 | Critical | 9.8 | 2026-01-06 | Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass. This issue affects com.Afmobi.B… |
| CVE-2025-66255 | Critical | 9.8 | 2025-11-26 | Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1… |
| CVE-2025-8038 | Critical | 9.8 | 2025-07-22 | Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141… |
| CVE-2025-1945 | Critical | 9.8 | 2025-03-10 | picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specifi… |
| CVE-2024-45410 | Critical | 9.8 | 2024-09-19 | Traefik is a golang, Cloud Native Application Proxy. When an HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-… |
| CVE-2024-23601 | Critical | 9.8 | 2024-05-28 | A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbi… |
| CVE-2024-1554 | Critical | 9.8 | 2024-02-20 | The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Under the cor… |
| CVE-2023-36139 | Critical | 9.8 | 2023-08-04 | In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers… |
| CVE-2023-36134 | Critical | 9.8 | 2023-08-04 | In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers t… |
| CVE-2023-25178 | Critical | 9.8 | 2023-07-13 | Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading… |
| CVE-2023-2987 | Critical | 9.8 | 2023-05-31 | The Wordapp plugin for WordPress is vulnerable to authorization bypass due to a use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_… |