CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

591 vulnerabilities with CWE-345
CVE-2025-8979 MEDIUM
Tenda AC15 15.13.07.13 - Insufficient Verification of Data Authenticity in Firmware Update Handler
CVSS 6.6
CVE-2025-8978 MEDIUM
D-Link DIR-619L 6.02CN02 - Insufficient Firmware Verification in boa FirmwareUpgrade
CVSS 6.6
CVE-2025-54792 MEDIUM
LocalSend < 1.17.0 - Unauthenticated Man-in-the-Middle via Discovery Protocol
CVSS 6.8
CVE-2025-6504 HIGH
HDP Server <4.6.2.2978 - Privilege Escalation
CVSS 8.4
CVE-2025-8038 CRITICAL
Firefox < 141.0 and Thunderbird < 141.0 - Insufficient Verification of Data Authenticity
CVSS 9.8
CVE-2025-51471 MEDIUM
Ollama 0.6.7 - Cross-Domain Token Exposure via WWW-Authenticate Header Realm
CVSS 6.9
CVE-2025-30192 HIGH
PowerDNS Recursor - DNS Cache Poisoning via ECS Query Spoofing
CVSS 7.5
CVE-2025-7884 LOW
Eluktronics Control Center 5.23.51.41 - Info Disclosure
CVSS 3.3
CVE-2025-53548 HIGH
Clerk Backend < 2.4.0 - Insufficient Verification of Data Authenticity in Webhook Verification
CVSS 7.5
CVE-2025-7096 HIGH
Comodo Internet Security Premium 12.3.4.8162 - Info Disclosure
CVSS 8.1
CVE-2025-5833 MEDIUM
Pioneer DMH-WT7600NEX - Privilege Escalation
CVSS 6.8
CVE-2025-5832 MEDIUM
Pioneer DMH-WT7600NEX Firmware - Unauthenticated Arbitrary Code Execution via Software Update Verification Bypass
CVSS 6.8
CVE-2025-6426 HIGH
Firefox < 128.12.0 and 128.12-128.* for macOS - Insufficient Executable File Warning for Terminal Extension
CVSS 8.8
CVE-2025-52484 LOW
risc0-zkvm 2.0.0-2.0.2 - Insufficient Verification of Data Authenticity via rv32im Circuit Constraint Bypass
CVE-2025-49199 HIGH
SICK Field Analytics - Insufficient Verification of Backup ZIP Authenticity
CVSS 8.8
CVE-2025-48865 CRITICAL
fabio < 1.6.6 - Insufficient Verification of Data Authenticity via Hop-by-Hop Header Manipulation
CVSS 9.1
CVE-2025-5320 LOW
gradio-app gradio <= 5.29.1 - Insufficient Verification of Data Authenticity in CORS Handler
CVSS 3.7
CVE-2025-27558 CRITICAL
IEEE P802.11-REVme D1.1-D7.0 - Frame Injection via Non-SSP A-MSDU Handling
CVSS 9.1
CVE-2025-29842 HIGH
Windows 10 1507-22H2 and Windows 11 22H2 - Security Feature Bypass via UrlMon Data Handling
CVSS 7.5
CVE-2025-43865 HIGH
React Router 7.0.0-pre.0-7.5.1 - Insufficient Verification of Data Authenticity via Request Header
CVSS 8.2
CVE-2025-27735 MEDIUM
Windows 10/11, Server 2016-2019 - Insufficient Data Authenticity Verification in VBS Enclave
CVSS 6.0
CVE-2025-30144 MEDIUM
fast-jwt < 5.0.6 - Authentication Bypass via Issuer Claim Spoofing
CVSS 6.5
CVE-2025-2346 MEDIUM
IROAD Dash Cam X5-X6 <20250308 - Origin Validation Error
CVSS 5.6
CVE-2025-0149 MEDIUM
Zoom Meeting SDK < 6.3.0 - Denial of Service via Network Access
CVSS 6.5
CVE-2025-27616 HIGH
go-vela/server < 0.25.3 and 0.26.0-0.26.3 - Repository Ownership Transfer via Spoofed Webhook Payload
CVSS 8.5
Details
Vulnerabilities 591
Links
MITRE CWE Entry Search this CWE With Exploits