CWE-346 · Origin Validation Error
578 CVEs classified under CWE-346 (Origin Validation Error).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-42901 | Critical | 10.0 | 2026-05-22 | Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2021-37705 | Critical | 10.0 | 2021-08-13 | OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authe… |
| CVE-2024-32764 | Critical | 9.9 | 2024-04-26 | A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users wi… |
| CVE-2026-44649 | Critical | 9.8 | 2026-05-29 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-… |
| CVE-2026-6508 | Critical | 9.8 | 2026-05-07 | Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constra… |
| CVE-2026-2790 | Critical | 9.8 | 2026-02-24 | Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 14… |
| CVE-2022-50925 | Critical | 9.8 | 2026-01-13 | Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on… |
| CVE-2025-69258 | Critical | 9.8 | 2026-01-08 | A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executab… |
| CVE-2025-30466 | Critical | 9.8 | 2025-05-29 | This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. A w… |
| CVE-2024-8487 | Critical | 9.8 | 2025-03-20 | A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not p… |
| CVE-2024-10534 | Critical | 9.8 | 2024-11-15 | Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traff… |
| CVE-2024-9392 | Critical | 9.8 | 2024-10-01 | A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3… |
| CVE-2021-47157 | Critical | 9.8 | 2024-03-18 | The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling. |
| CVE-2023-29711 | Critical | 9.8 | 2023-06-22 | An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request. |
| CVE-2023-25366 | Critical | 9.8 | 2023-06-16 | In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password. |
| CVE-2023-33443 | Critical | 9.8 | 2023-06-08 | Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative… |
| CVE-2023-29728 | Critical | 9.8 | 2023-05-30 | The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack. |
| CVE-2017-20146 | Critical | 9.8 | 2022-12-27 | Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, wh… |
| CVE-2022-3457 | Critical | 9.8 | 2022-10-13 | Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5. |
| CVE-2020-26527 | Critical | 9.8 | 2020-10-02 | An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origi… |