CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

591 vulnerabilities with CWE-345
CVE-2026-3177 MEDIUM
Charitable for WordPress <= 1.8.9.7 - Donation Status Forgery via Missing Stripe Webhook Verification
CVSS 5.3
CVE-2026-35042 HIGH
fast-jwt accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)
CVSS 7.5
CVE-2026-35039 CRITICAL
fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)
CVSS 9.1
CVE-2026-34778 MEDIUM
Electron: Service worker can spoof executeJavaScript IPC replies
CVSS 5.9
CVE-2026-34061 MEDIUM
nimiq/core-rs-albatross: Macro block proposal interlink bug
CVSS 4.9
CVE-2026-30603 MEDIUM
Qianniao QN-L23PA0904 v20250721.1640 - Privilege Escalation
CVSS 6.8
CVE-2026-4984 HIGH
Botpress - Credential Disclosure via Twilio Webhook Handler
CVSS 8.2
CVE-2026-33729 CRITICAL
OpenFGA <1.13.1 Condition Cache Keys - Authorization Bypass
CVSS 9.8
CVE-2026-4115 LOW
PuTTY Ed25519 Signature ecc-ssh.c eddsa_verify signature verification
CVSS 3.7
CVE-2026-4541 LOW
janmojzis tinyssh Ed25519 Signature crypto_sign_ed25519_tinyssh.c signature verification
CVSS 2.5
CVE-2026-33243 HIGH
barebox: FIT Signature Verification Bypass Vulnerability
CVSS 8.2
CVE-2026-33221 MEDIUM
Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload
CVSS 5.3
CVE-2026-33143 HIGH
OneUptime: WhatsApp Webhook Missing Signature Verification
CVSS 7.5
CVE-2026-4478 HIGH
Yi Technology YI Home Camera HTTP Firmware Update ipc signature verification
CVSS 8.1
CVE-2026-32029 MEDIUM
OpenClaw < 2026.2.21 - Client IP Spoofing via X-Forwarded-For Header Parsing
CVSS 5.3
CVE-2026-28500 HIGH
ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack
CVSS 8.6
CVE-2026-32294 MEDIUM
JetKVM insufficient firmware verification
CVSS 4.7
CVE-2026-32290 MEDIUM
GL-iNet Comet (GL-RM1) KVM insufficient firmware verification
CVSS 4.7
CVE-2026-32597 HIGH
PyJWT < 2.12.0 - Insufficient Verification of Data Authenticity via crit Header Parameter
CVSS 7.5
CVE-2026-32231 HIGH
ZeptoClaw < 0.7.6 - Unauthenticated Message Spoofing and Session Routing Abuse via Webhook Identity Fields
CVSS 8.2
CVE-2026-23656 MEDIUM
Windows App Installer < 2.0.964.0 - Unauthenticated Spoofing via Insufficient Data Verification
CVSS 5.9
CVE-2026-30920 HIGH
OneUptime < 10.0.19 - Missing Authorization in GitHub App Callback
CVSS 8.6
CVE-2026-3706 LOW
Dropbear <=2025.89 - Improper Signature Verification
CVSS 3.7
CVE-2026-30851 HIGH
Caddy 2.10.0-2.11.1 - Privilege Escalation
CVSS 8.1
CVE-2026-30223 HIGH
olivetin < 3000.11.1 - Insufficient JWT Audience Verification
CVSS 8.8