CWE-940 · Improper Verification of Source of a Communication Channel
39 CVEs classified under CWE-940 (Improper Verification of Source of a Communication Channel). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-41094 | Critical | 10.0 | 2023-10-04 | TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifet… |
| CVE-2025-61932 | Critical | 9.8 | 2025-10-20 | Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacke… |
| CVE-2023-41355 | Critical | 9.8 | 2023-11-03 | Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can ex… |
| CVE-2025-59159 | Critical | 9.7 | 2025-10-06 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-… |
| CVE-2026-33875 | Critical | 9.3 | 2026-03-27 | Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hij… |
| CVE-2026-35643 | High | 8.8 | 2026-04-10 | OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted page… |
| CVE-2023-48387 | High | 8.8 | 2023-12-15 | TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario wh… |
| CVE-2023-3663 | High | 8.8 | 2023-08-03 | In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipula… |
| CVE-2022-4848 | High | 8.6 | 2022-12-29 | Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. |
| CVE-2022-4800 | High | 8.6 | 2022-12-28 | Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. |
| CVE-2025-23222 | High | 8.4 | 2025-01-24 | An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs… |
| CVE-2024-26131 | High | 8.4 | 2024-02-20 | Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious… |
| CVE-2026-44698 | High | 8.3 | 2026-05-29 | Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, the Home A… |
| CVE-2026-40434 | High | 8.1 | 2026-04-17 | Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or… |
| CVE-2024-49579 | High | 8.1 | 2024-10-17 | In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests |
| CVE-2026-45353 | High | 7.8 | 2026-05-28 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0. |
| CVE-2019-25613 | High | 7.5 | 2026-03-22 | Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message… |
| CVE-2025-40820 | High | 7.5 | 2025-12-09 | Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unau… |
| CVE-2023-51440 | High | 7.5 | 2024-02-13 | A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS… |
| CVE-2026-45245 | High | 7.4 | 2026-05-18 | Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacke… |