Weaknesses of type CWE-345
369 results

CVE-2024-58267 [HIGH] Rancher CLI SAML authentication is vulnerable to phishing attacks (EPSS 0.2%)
CVE-2024-7979 [HIGH] Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege e (EPSS 0.2%)
CVE-2025-5833 [MEDIUM] Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability (EPSS 0.2%)
CVE-2021-34572 [MEDIUM] Insufficient Verification of Data Authenticity in Enbra EWM (replay attack) (EPSS 0.2%)
CVE-2023-23940 [MEDIUM] OpenZeppelin Contracts for Cairo is vulnerable to signature validation bypass (EPSS 0.2%)
CVE-2026-2968 [MEDIUM] Cesanta Mongoose Poly1305 Authentication Tag tls_chacha20.c mg_chacha20_poly1305_decrypt signature verification (EPSS 0.2%)
CVE-2025-67298 [HIGH] An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile (EPSS 0.2%)
CVE-2026-47691 [HIGH] Netty has Insufficient Bailiwick Validation for NS Records (EPSS 0.2%)
CVE-2026-6986 [MEDIUM] Cesanta Mongoose GCM Authentication Tag tls_aes128.c mg_aes_gcm_decrypt signature verification (EPSS 0.2%)
CVE-2026-33471 [CRITICAL] nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation (EPSS 0.2%)
CVE-2026-1195 [LOW] MineAdmin JWT Token refresh data authenticity (EPSS 0.2%)
CVE-2025-14444 [MEDIUM] RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment (EPSS 0.2%)
CVE-2025-2346 [MEDIUM] IROAD Dash Cam X5/Dash Cam X6 Domain origin validation (EPSS 0.2%)
CVE-2026-44087 [MEDIUM] Apache APISIX: Openid-connect plugin Identity Header Spoofing (EPSS 0.2%)
CVE-2024-40644 [MEDIUM] gitoxide's gix-path can use a fake program files location (EPSS 0.2%)
CVE-2026-35039 [CRITICAL] fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup) (EPSS 0.2%)
CVE-2023-28457 [HIGH] An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache poisoning attack and inject fake responses (EPSS 0.2%)
CVE-2023-43800 [HIGH] Insufficient Verification of Data Authenticity in Arduino Create Agent (EPSS 0.2%)
CVE-2026-48781 [CRITICAL] Postiz has cross-tenant SUPERADMIN takeover via Skool-provider JWT forgery (EPSS 0.2%)
CVE-2026-23966 [CRITICAL] sm-crypto Affected by Private Key Recovery in SM2-PKE (EPSS 0.2%)