CWE-345

552 vulnerabilities with CWE-345

CVE-2026-4478 HIGH

Yi Technology YI Home Camera HTTP Firmware Update ipc signature verification

CVSS 8.1

CVE-2026-32029 MEDIUM

OpenClaw < 2026.2.21 - Client IP Spoofing via X-Forwarded-For Header Parsing

CVSS 5.3

CVE-2026-28500 HIGH

ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

CVSS 8.6

CVE-2026-32294 MEDIUM

JetKVM insufficient firmware verification

CVSS 4.7

CVE-2026-32290 MEDIUM

GL-iNet Comet (GL-RM1) KVM insufficient firmware verification

CVSS 4.7

CVE-2026-32597 HIGH

PyJWT <2.12.0 - Auth Bypass

CVSS 7.5

CVE-2026-32231 HIGH

ZeptoClaw <0.7.6 - Auth Bypass

CVSS 8.2

CVE-2026-23656 MEDIUM

Windows App Installer - Spoofing

CVSS 5.9

CVE-2026-30920 HIGH

OneUptime <10.0.19 - Auth Bypass

CVSS 8.6

CVE-2026-3706 LOW

Dropbear <=2025.89 - Improper Signature Verification

CVSS 3.7

CVE-2026-30851 HIGH

Caddy 2.10.0-2.11.1 - Privilege Escalation

CVSS 8.1

CVE-2026-30223 HIGH

OliveTin <3000.11.1 - Auth Bypass

CVSS 8.8

CVE-2026-28454 HIGH

OpenClaw <2026.2.2 - Auth Bypass

CVSS 7.5

CVE-2026-25921 CRITICAL

Gogs <0.14.2 - Supply-Chain Attack

CVSS 9.3

CVE-2026-30798 HIGH

RustDesk Client <=1.4.5 - Protocol Manipulation

CVSS 7.5

CVE-2026-2836 HIGH

Pingora Alpha - Cache Poisoning

CVSS 8.1

CVE-2026-2428 HIGH

Fluent Forms Pro Add On Pack <=6.1.17 - Auth Bypass

CVSS 7.5

CVE-2026-27510 CRITICAL

Unitree Go2 1.1.7-1.1.11 - RCE

CVSS 9.6

CVE-2026-27804 CRITICAL

Parse Server <8.6.3/9.1.1-alpha.4 - Auth Bypass

CVSS 9.1

CVE-2026-27700 HIGH

Hono 4.12.0-4.12.1 - Auth Bypass

CVSS 8.2

CVE-2026-2968 LOW

Cesanta Mongoose <=7.20 - Auth Bypass

CVSS 3.7

CVE-2026-2385 MEDIUM

The Plus Addons for Elementor <6.4.7 - Auth Bypass

CVSS 5.3

CVE-2026-26327 MEDIUM

OpenClaw <2026.2.14 - Auth Bypass

CVSS 6.5

CVE-2026-25474 HIGH

OpenClaw <=2026.1.30 - Auth Bypass

CVSS 7.5

CVE-2026-26007 MEDIUM

Pypi Cryptography < 46.0.5 - Data Authenticity Bypass

CVSS 6.5