CWE-346 · Origin Validation Error

578 CVEs classified under CWE-346 (Origin Validation Error). Browse by severity and year.

Top CVEs for CWE-346
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-42901 | Critical | 10.0 | 2026-05-22 | Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2021-37705 | Critical | 10.0 | 2021-08-13 | OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authe… |
| CVE-2024-32764 | Critical | 9.9 | 2024-04-26 | A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users wi… |
| CVE-2026-44649 | Critical | 9.8 | 2026-05-29 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-… |
| CVE-2026-6508 | Critical | 9.8 | 2026-05-07 | Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constra… |
| CVE-2026-2790 | Critical | 9.8 | 2026-02-24 | Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 14… |
| CVE-2022-50925 | Critical | 9.8 | 2026-01-13 | Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on… |
| CVE-2025-69258 | Critical | 9.8 | 2026-01-08 | A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executab… |
| CVE-2025-30466 | Critical | 9.8 | 2025-05-29 | This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. A w… |
| CVE-2024-8487 | Critical | 9.8 | 2025-03-20 | A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not p… |
| CVE-2024-10534 | Critical | 9.8 | 2024-11-15 | Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traff… |
| CVE-2024-9392 | Critical | 9.8 | 2024-10-01 | A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3… |
| CVE-2021-47157 | Critical | 9.8 | 2024-03-18 | The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling. |
| CVE-2023-29711 | Critical | 9.8 | 2023-06-22 | An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request. |
| CVE-2023-25366 | Critical | 9.8 | 2023-06-16 | In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password. |
| CVE-2023-33443 | Critical | 9.8 | 2023-06-08 | Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative… |
| CVE-2023-29728 | Critical | 9.8 | 2023-05-30 | The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack. |
| CVE-2017-20146 | Critical | 9.8 | 2022-12-27 | Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, wh… |
| CVE-2022-3457 | Critical | 9.8 | 2022-10-13 | Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5. |
| CVE-2020-26527 | Critical | 9.8 | 2020-10-02 | An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origi… |