Weaknesses of type CWE-345

369 results
CVE-2022-31598
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request thr
EPSS 0.2%

CVE-2019-10157 [MEDIUM]
It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its back
EPSS 0.2%

CVE-2019-1880 [MEDIUM]
Cisco Unified Computing System BIOS Signature Bypass Vulnerability
EPSS 0.2%

CVE-2024-47867 [LOW]
Lack of integrity check on the downloaded FRP client in Gradio
EPSS 0.2%

CVE-2023-44402 [MEDIUM]
ASAR Integrity bypass via filetype confusion in electron
EPSS 0.2%

CVE-2024-2382 [MEDIUM]
Authorize.net Payment Gateway For WooCommerce <= 8.0 - Insufficient Verification of Data Authenticity to Unauthenticated Payment Bypass
EPSS 0.2%

CVE-2026-9189 [MEDIUM]
Contact Form 7 – PayPal & Stripe Add-on <= 2.4.9 - Unauthenticated Payment Bypass via Insufficient Verification of Data Authenticity via PayPal IPN Handler ('invoice'/'mc_gross' Verification)
EPSS 0.2%

CVE-2026-7792 [MEDIUM]
WPForms <= 1.10.0.4 - Unauthenticated Insufficient Verification of Data Authenticity via PayPal Commerce Webhook Endpoint
EPSS 0.2%

CVE-2024-1718 [MEDIUM]
Claudio Sanches – Checkout Cielo for WooCommerce <= 1.1.0 - Insufficient Verification of Data Authenticity to Order Payment Status Update
EPSS 0.2%

CVE-2026-25474 [HIGH]
OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass
EPSS 0.2%

CVE-2025-15385 [CRITICAL]
Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass. This issue a
EPSS 0.2%

CVE-2021-41106 [MEDIUM]
File reference keys leads to incorrect hashes on HMAC algorithms
EPSS 0.2%

CVE-2026-32597 [HIGH]
PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)
EPSS 0.2%

CVE-2022-46692 [MEDIUM]
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7
EPSS 0.2%

CVE-2022-41156 [HIGH]
OndiskPlayer Remote Code Execution Vulnerability
EPSS 0.2%

CVE-2022-36315 [MEDIUM]
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entrie
EPSS 0.2%

CVE-2026-30920 [HIGH]
OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding
EPSS 0.2%

CVE-2026-40323 [HIGH]
SP1 V6 Recursion Circuit Row-Count Binding Gap
EPSS 0.2%

CVE-2025-1108 [HIGH]
Insufficient data authenticity vulnerability in Janto
EPSS 0.2%

CVE-2023-49087 [MEDIUM]
Validation of SignedInfo
EPSS 0.2%