CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

591 vulnerabilities with CWE-345
CVE-2025-15598 LOW
Dataease SQLBot <1.5.1 - Auth Bypass
CVSS 3.7
CVE-2025-71057 HIGH
D-Link DSL-124 ME_1.00 - Session Hijacking
CVSS 8.2
CVE-2025-14444 MEDIUM
RegistrationMagic <6.0.6.9 - Payment Bypass
CVSS 5.3
CVE-2025-59024 MEDIUM
PowerDNS Recursor 5.1.0-5.1.7, 5.2.0-5.2.5, 5.3.0 - Cache Poisoning via Crafted Delegations or IP Fragments
CVSS 6.5
CVE-2025-15385 CRITICAL
TECNO Mobile Boomplayer < 7.4.63 - Authentication Bypass via Insufficient Data Verification
CVSS 9.8
CVE-2025-15154 MEDIUM
pbootcms < 3.2.12 - Use of Less Trusted Source via X-Forwarded-For Header
CVSS 5.3
CVE-2025-66570 CRITICAL
cpp-httplib <0.27.0 - Info Disclosure
CVSS 10.0
CVE-2025-59700 LOW
Entrust nShield HSM <13.6.12 - Recovery Partition Modification via Integrity Protection Lack
CVSS 3.9
CVE-2025-66225 HIGH
OrangeHRM 5.0-5.7 - Unauthenticated Account Takeover via Password Reset Username Manipulation
CVSS 8.8
CVE-2025-66255 CRITICAL
DB Electronica Telecomunicazioni Mozart FM Transmitter - Unauthenticated Arbitrary File Upload via upgrade_contents.php
CVSS 9.8
CVE-2025-66016 CRITICAL
cggmp21 < 0.6.3 and cggmp24 < 0.7.0-alpha.2 - Insufficient Verification of Data Authenticity
CVE-2025-12752 MEDIUM
PayPal WordPress Plugin <1.1.7 - Info Disclosure
CVSS 5.3
CVE-2025-34337 HIGH
egovframe-common-components <4.3.1 - Info Disclosure
CVE-2025-12295 MEDIUM
D-Link DAP-2695 2.00RC13 - Insufficient Verification of Data Authenticity in Firmware Update Handler
CVSS 6.6
CVE-2025-12080 MEDIUM
Google Messages on Wear OS - Unauthorized Message Sending
CVE-2025-12245 MEDIUM
chatwoot < 4.7.0 - Origin Validation Error in Widget IFrame Helper
CVSS 5.3
CVE-2025-56438 MEDIUM
Nous W3 Smart WiFi Camera <1.33.50.82 - Privilege Escalation
CVSS 6.8
CVE-2025-59951 CRITICAL
Termix < 1.6.0 - Unauthenticated Sensitive Information Exposure via /ssh/db/host/internal Endpoint
CVSS 9.1
CVE-2025-11195 LOW
Rapid7 AppSpider Pro <7.5.021 - Info Disclosure
CVSS 3.3
CVE-2025-59934 CRITICAL
formbricks < 4.0.1 - Unauthenticated Authentication Bypass via JWT Signature Verification Missing
CVSS 9.4
CVE-2025-59420 HIGH
Authlib < 1.6.4 - Insufficient Verification of Data Authenticity via Critical Header Parameter Bypass
CVSS 7.5
CVE-2025-59160 LOW
matrix-js-sdk < 38.2.0 - Insufficient Verification of Room Predecessor Links
CVE-2025-0092 MEDIUM
Android - Permission Bypass and Information Disclosure via Bluetooth Bond State Handling
CVSS 6.5
CVE-2025-9379 HIGH
Belkin AX1800 1.1.00.016 - Info Disclosure
CVSS 7.2
CVE-2025-8980 MEDIUM
Tenda G1 16.01.7.8(3660) - Insufficient Verification of Data Authenticity in Firmware Update Handler
CVSS 6.6