CWE-354 · Improper Validation of Integrity Check Value
167 CVEs classified under CWE-354 (Improper Validation of Integrity Check Value). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-11543 | Critical | 9.8 | 2025-12-22 | Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware. |
CVE-2024-25678 | Critical | 9.8 | 2024-02-09 | In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. |
CVE-2023-33668 | Critical | 9.8 | 2023-07-12 | DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers. |
CVE-2017-15994 | Critical | 9.8 | 2017-10-29 | rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE… |
CVE-2026-49230 | Critical | 9.1 | 2026-06-19 | Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authenticatio… |
CVE-2026-34182 | Critical | 9.1 | 2026-06-09 | Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelope… |
CVE-2026-33026 | Critical | 9.1 | 2026-03-30 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encryp… |
CVE-2025-54887 | Critical | 9.1 | 2025-08-08 | jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brut… |
CVE-2022-29898 | Critical | 9.1 | 2022-05-11 | On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root… |
CVE-2024-3596 | Critical | 9.0 | 2024-07-09 | RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access… |
CVE-2020-14120 | High | 8.8 | 2022-04-21 | Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to p… |
CVE-2020-25758 | High | 8.8 | 2020-12-15 | An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to… |
CVE-2020-7810 | High | 8.8 | 2020-08-07 | hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the… |
CVE-2017-4961 | High | 8.8 | 2017-06-13 | An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Direct… |
CVE-2022-25946 | High | 8.7 | 2022-05-05 | On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all vers… |
CVE-2023-28386 | High | 8.6 | 2023-05-22 | Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does n… |
CVE-2018-21070 | High | 8.4 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) devices (MSM8998 or SDM845 chipsets) software. An attacker can bypass Secure Boot and obt… |
CVE-2024-3727 | High | 8.3 | 2024-05-14 | A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a vi… |
CVE-2026-32600 | High | 8.2 | 2026-03-16 | xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-1… |
CVE-2026-32313 | High | 8.2 | 2026-03-16 | xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm… |