CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

591 vulnerabilities with CWE-345
CVE-2026-28454 HIGH
OpenClaw < 2026.2.2 - Unauthenticated Privileged Command Execution via Telegram Webhook Spoofing
CVSS 7.5
CVE-2026-25921 CRITICAL
Gogs < 0.14.2 - LFS Object Overwrite Supply-Chain Attack
CVSS 9.3
CVE-2026-30798 HIGH
RustDesk Client <=1.4.5 - Protocol Manipulation
CVSS 7.5
CVE-2026-2836 HIGH
Pingora Cache < 0.8.0 - Cache Poisoning via Insufficient Cache Key Verification
CVSS 8.1
CVE-2026-2428 HIGH
Fluent Forms Pro Add On Pack <=6.1.17 - Auth Bypass
CVSS 7.5
CVE-2026-27510 CRITICAL
Unitree Go2 firmware 1.1.7-1.1.11 - Remote Code Execution via Tampered Android App Programme
CVSS 9.6
CVE-2026-27804 CRITICAL
Parse Server <8.6.3/9.1.1-alpha.4 - Auth Bypass
CVSS 9.1
CVE-2026-27700 HIGH
Hono 4.12.0-4.12.1 - IP Spoofing via X-Forwarded-For Header Mishandling
CVSS 8.2
CVE-2026-2968 LOW
Cesanta Mongoose <=7.20 - Auth Bypass
CVSS 3.7
CVE-2026-2385 MEDIUM
The Plus Addons for Elementor <6.4.7 - Auth Bypass
CVSS 5.3
CVE-2026-26327 MEDIUM
OpenClaw < 2026.2.14 - Unauthenticated TLS Certificate Pinning Bypass via Discovery Beacon TXT Records
CVSS 6.5
CVE-2026-25474 HIGH
OpenClaw < 2026.2.1 - Insufficient Verification of Telegram Webhook Secret Token
CVSS 7.5
CVE-2026-26007 MEDIUM
cryptography < 46.0.5 - Insufficient Verification of Data Authenticity in Public Key Functions
CVSS 6.5
CVE-2026-21527 MEDIUM
Microsoft Exchange Server - Info Disclosure
CVSS 6.5
CVE-2026-1642 MEDIUM
NGINX OSS 1.3.0-1.28.1 & NGINX Plus r33-r34 TLS Data Authenticity Verification Bypass
CVSS 5.9
CVE-2026-24775 MEDIUM
OpenProject 17.0.0-17.0.2 - Server-Side Request Forgery via BlockNote Work Package Mention
CVSS 6.3
CVE-2026-24772 HIGH
OpenProject 17.0.0-17.0.2 - Authentication Token Spoofing via Synchronization Server URL Manipulation
CVSS 8.9
CVE-2026-23966 CRITICAL
sm-crypto <0.3.14 - Private Key Recovery
CVSS 9.1
CVE-2026-1195 MEDIUM
MineAdmin 1.x/2.x - Insufficient Verification of Data Authenticity in JWT Token Handler
CVSS 5.0
CVE-2026-0939 MEDIUM
Rede Itaú for WooCommerce <=5.1.2 - Auth Bypass
CVSS 5.3
CVE-2026-22703 MEDIUM
sigstore cosign < 2.6.2 and 3.0.4 - Insufficient Verification of Data Authenticity
CVSS 5.5
CVE-2025-52645 LOW
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification.
CVSS 1.9
CVE-2025-52638 MEDIUM
Multiple security vulnerabilities affect HCL AION
CVSS 5.6
CVE-2025-67298 HIGH
ClassroomIO <0.2.6 - Privilege Escalation
CVSS 8.1
CVE-2025-63910 HIGH
Cohesity TranZman 4.0 Build 14614 - File Upload RCE
CVSS 7.2