Weaknesses of type CWE-345
369 results

CVE-2026-28500 | HIGH | ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack | EPSS 0.3%
CVE-2025-34337 | HIGH | eGovFramework <= 4.3.1 Unauthenticated Encryption Oracle via Web Editor Image Upload Endpoints | EPSS 0.3%
CVE-2026-28454 | HIGH | OpenClaw < 2026.2.2 - Authorization Bypass via Unauthenticated Telegram Webhook | EPSS 0.3%
CVE-2026-35051 | HIGH | Traefik: ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass auth | EPSS 0.3%
CVE-2026-3012 | HIGH | Samba: group policy certificate enrollment uses http:// without validation | EPSS 0.3%
CVE-2022-36360 | — | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates with | EPSS 0.3%
CVE-2022-34763 | MEDIUM | A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due | EPSS 0.3%
CVE-2026-30851 | HIGH | Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation | EPSS 0.2%
CVE-2022-34471 | MEDIUM | When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manif | EPSS 0.2%
CVE-2025-27616 | HIGH | Vela Server has Insufficient Webhook Payload Data Verification | EPSS 0.2%
CVE-2026-6967 | HIGH | Missing Delegated Metadata Validation in awslabs/tough | EPSS 0.2%
CVE-2026-27700 | HIGH | Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo | EPSS 0.2%
CVE-2025-59420 | HIGH | Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass) | EPSS 0.2%
CVE-2025-54792 | CRITICAL | LocalSend is Vulnerable to Man-in-the-Middle Attacks, Leading to File Interception | EPSS 0.2%
CVE-2024-12369 | MEDIUM | Elytron-oidc-client: oidc authorization code injection | EPSS 0.2%
CVE-2023-27977 | MEDIUM | A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in | EPSS 0.2%
CVE-2023-27979 | MEDIUM | A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in | EPSS 0.2%
CVE-2026-33729 | MEDIUM | OpenFGA has an Authorization Bypass through cached keys | EPSS 0.2%
CVE-2024-28251 | MEDIUM | Cross-site websocket hijacking in Querybook | EPSS 0.2%
CVE-2025-52484 | LOW | RISC Zero zkVM Underconstrained Vulnerability | EPSS 0.2%