Weaknesses of type CWE-345

369 results
CVE-2024-55929 | MEDIUM | Mail spoofing | EPSS 0.2%
CVE-2026-44308 | MEDIUM | Spring Cloud AWS: Missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications | EPSS 0.2%
CVE-2022-28757 | HIGH | Local Privilege Escalation in Auto Updater for Zoom Client for Meetings for macOS | EPSS 0.2%
CVE-2026-27804 | CRITICAL | Parse Server: Account takeover via JWT algorithm confusion in Google auth adapter | EPSS 0.2%
CVE-2019-1667 | MEDIUM | Cisco HyperFlex Arbitrary Statistics Write Vulnerability | EPSS 0.2%
CVE-2025-6426 | HIGH | No warning when opening executable terminal files on macOS | EPSS 0.2%
CVE-2026-33221 | LOW | Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload | EPSS 0.2%
CVE-2023-52109 | HIGH | Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect ser | EPSS 0.2%
CVE-2025-24882 | MEDIUM | regclient may ignore pinned manifest digests | EPSS 0.2%
CVE-2025-24903 | HIGH | libsignal-service-rs Doesn't Check Origin of Sync Messages | EPSS 0.2%
CVE-2026-47202 | CRITICAL | Kavita: Pre-Auth Account Takeover | EPSS 0.2%
CVE-2026-55698 | HIGH | pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes | EPSS 0.2%
CVE-2026-48783 | MEDIUM | Postiz has an unauthenticated billing-enforcement bypass via /public/modify-subscription | EPSS 0.2%
CVE-2026-39366 | MEDIUM | WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php | EPSS 0.2%
CVE-2024-8356 | HIGH | Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability | EPSS 0.2%
CVE-2025-27257 | MEDIUM | Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a m | EPSS 0.2%
CVE-2026-41577 | MEDIUM | authentik: SAML source does not validate Conditions, timing, or audience on assertions | EPSS 0.2%
CVE-2026-50214 | CRITICAL | Shared Secret Quota Inflation | EPSS 0.2%
CVE-2026-47777 | HIGH | Mastodon has a consent-check bypass in its remote Collections | EPSS 0.2%
CVE-2026-3177 | MEDIUM | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook | EPSS 0.2%