CWE-345
Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
591 vulnerabilities with CWE-345
CVE-2026-47777
HIGH
Mastodon has a consent-check bypass in its remote Collections
CVSS 7.5
CVE-2026-53406
HIGH
Zoom Communications Remote Control For Zoom Contact Center < 7.0.0 - Insufficient Verification of Data Authenticity
CVSS 7.8
CVE-2026-47691
HIGH
Netty has Insufficient Bailiwick Validation for NS Records
CVSS 8.7
CVE-2026-45674
HIGH
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
CVSS 8.7
CVE-2026-46654
HIGH
Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss
CVE-2026-48096
MEDIUM
OpenFGA: Cache-key delimiter injection in openfga/openfga shared-iterator and v2 iterator caches enables intra-store authorization-decision poisoning
CVSS 5.0
CVE-2026-46539
MEDIUM
nimiq-primitives: BlockInclusionProof interlink issue when hops are empty
CVSS 5.9
CVE-2026-7792
MEDIUM
WPForms <= 1.10.0.4 - Unauthenticated Insufficient Verification of Data Authenticity via PayPal Commerce Webhook Endpoint
CVSS 5.3
CVE-2026-8608
MEDIUM
Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action
CVSS 5.3
CVE-2026-50214
CRITICAL
Acer Connect M6E 5G Portable WiFi Router - Shared Secret Quota Inflation
CVSS 9.8
CVE-2026-41577
HIGH
authentik: SAML source does not validate Conditions, timing, or audience on assertions
CVSS 7.5
CVE-2026-47123
HIGH
FreeScout: Agent Impersonation via Missing HMAC Verification on Notification Reply Message-ID Path
CVSS 7.5
CVE-2026-47696
MEDIUM
WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint
CVSS 4.3
CVE-2026-9189
MEDIUM
Contact Form 7 PayPal & Stripe Add-on <= 2.4.9 - Payment Bypass
CVSS 5.3
CVE-2026-45058
CRITICAL
electerm: Import unsafe bookmark data could lead to unsafe operation when click local type bookmark
CVE-2026-46538
MEDIUM
Microsoft UFO accepts cross-device TASK_END messages by session_id only, allowing peer task-result injection
CVSS 5.9
CVE-2026-45022
HIGH
go-git: Improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git
CVSS 7.5
CVE-2026-3012
HIGH
Samba: group policy certificate enrollment uses http:// without validation
CVSS 8.0
CVE-2026-47202
CRITICAL
Kavita: Pre-Auth Account Takeover
CVE-2026-41164
MEDIUM
nuts-node: JWT type confusion in v1 access token introspection allows VP replay as access token
CVSS 4.4
CVE-2026-39969
MEDIUM
TypeBot: WhatsApp Webhook Endpoint Missing Signature Verification
CVSS 6.5
CVE-2026-25602
MEDIUM
Mesalvo Meona Client Launcher <= 19.06.2020 & Server <= 2025.04 - Data Authenticity Verification Bypass
CVSS 4.4
CVE-2026-33233
HIGH
AutoGPT Platform: Remote Code Execution via Unsafe Pickle Deserialization of Redis Cache Entries
CVSS 7.6
CVE-2026-32323
HIGH
Mullvad VPN for macOS: Local Privilege Escalation via unverified bundle path in installer
CVSS 7.3
CVE-2026-44592
CRITICAL
Gradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoning
CVSS 9.4