CWE-345 · Insufficient Verification of Data Authenticity
610 CVEs classified under CWE-345 (Insufficient Verification of Data Authenticity). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-44523 | Critical | 10.0 | 2026-05-14 | Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The appli… |
| CVE-2026-35051 | Critical | 10.0 | 2026-04-30 | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traef… |
| CVE-2025-66570 | Critical | 10.0 | 2025-12-05 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to i… |
| CVE-2023-4699 | Critical | 10.0 | 2023-11-06 | Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R seri… |
| CVE-2026-48781 | Critical | 9.9 | 2026-06-17 | Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob into a sessio… |
| CVE-2022-36130 | Critical | 9.9 | 2022-09-01 | HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potent… |
| CVE-2026-50214 | Critical | 9.8 | 2026-06-04 | The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access p… |
| CVE-2026-39324 | Critical | 9.8 | 2026-04-07 | Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when c… |
| CVE-2026-33729 | Critical | 9.8 | 2026-03-27 | OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, u… |
| CVE-2025-15385 | Critical | 9.8 | 2026-01-06 | Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass. This issue affects com.Afmobi.B… |
| CVE-2025-66255 | Critical | 9.8 | 2025-11-26 | Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1… |
| CVE-2025-8038 | Critical | 9.8 | 2025-07-22 | Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141… |
| CVE-2025-1945 | Critical | 9.8 | 2025-03-10 | picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specifi… |
| CVE-2024-45410 | Critical | 9.8 | 2024-09-19 | Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-… |
| CVE-2024-23601 | Critical | 9.8 | 2024-05-28 | A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbi… |
| CVE-2024-1554 | Critical | 9.8 | 2024-02-20 | The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Under the cor… |
| CVE-2023-36139 | Critical | 9.8 | 2023-08-04 | In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers… |
| CVE-2023-36134 | Critical | 9.8 | 2023-08-04 | In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers t… |
| CVE-2023-25178 | Critical | 9.8 | 2023-07-13 | Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading… |
| CVE-2023-2987 | Critical | 9.8 | 2023-05-31 | The Wordapp plugin for WordPress is vulnerable to authorization bypass due to a use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_… |