CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

591 vulnerabilities with CWE-345
CVE-2025-1945 CRITICAL
picklescan < 0.0.23 - Insufficient Verification of Data Authenticity via ZIP File Header Bit Manipulation
CVSS 9.8
CVE-2025-1944 MEDIUM
PickleScan <0.0.23 - Code Injection
CVSS 6.5
CVE-2025-27257 MEDIUM
GE Vernova UR IED - Privilege Escalation
CVSS 6.1
CVE-2025-27680 CRITICAL
Vasion Print < 20.0.1442 and Virtual Appliance < 1.0.750 - Insufficient Verification of Data Authenticity
CVSS 9.1
CVE-2025-24903 HIGH
libsignal-service-rs - Sync Message Impersonation
CVSS 8.5
CVE-2025-24807 HIGH
eprosima Fast DDS < 2.6.10 - Insufficient Verification of Data Authenticity in PermissionsCA
CVSS 7.1
CVE-2025-25188 MEDIUM
Hickory DNS <0.24.3-0.25.0-alpha.5 - Info Disclosure
CVE-2025-1108 HIGH
Janto < r12 - Unauthenticated Email Content Modification via Xml Parameter Injection
CVSS 8.6
CVE-2025-23415 LOW
F5 BIG-IP APM 15.1.0-15.1.10.6.0.11.6 - Insufficient Verification of Data Authenticity in VPN Endpoint Inspection
CVSS 3.1
CVE-2025-0510 MEDIUM
Thunderbird <128.7 - Info Disclosure
CVSS 6.5
CVE-2025-24882 MEDIUM
regclient < 0.7.1 - Digest Spoofing via Manifest Pin Bypass
CVSS 5.2
CVE-2025-21606 HIGH
exelban/stats < 2.11.21 - Local Privilege Escalation via Insecure XPC Service
CVE-2024-58267 HIGH
Rancher 2.9.0-2.12.0 - SAML Authentication Token Theft via Phishing Attack
CVSS 8.0
CVE-2024-48916 HIGH
Ceph <= 19.2.3 - Insufficient Verification of Data Authenticity in RadosGW OIDC Provider
CVSS 8.1
CVE-2024-39805 HIGH
Intel(R) DSA <23.4.39 - Privilege Escalation
CVSS 7.8
CVE-2024-10237 HIGH
Supermicro MBD-X12DPG-OA6 - Auth Bypass
CVSS 7.2
CVE-2024-55929 MEDIUM
Xerox Workplace Suite < 5.6.701.9 - Mail Spoofing via Forged Email Headers
CVSS 5.3
CVE-2024-54111 MEDIUM
HarmonyOS - Read/Write Vulnerability in Image Decoding Module
CVSS 5.7
CVE-2024-12369 MEDIUM
wildfly-elytron 1.17.0.Final-2.2.9.Final - Authorization Code Injection via OIDC-Client
CVSS 4.2
CVE-2024-52548 MEDIUM
Firmware <2.800.0000000.8.R.20241111 - Privilege Escalation
CVSS 6.7
CVE-2024-53259 MEDIUM
quic-go < 0.48.2 - Denial of Service via ICMP Packet Too Large Injection
CVSS 6.5
CVE-2024-11666 CRITICAL
cph2_echarge_firmware <2.0.4 - Command Injection
CVSS 9.0
CVE-2024-8356 HIGH
Visteon Infotainment VIP MCU - Privilege Escalation
CVSS 7.8
CVE-2024-10977 LOW
PostgreSQL < 12.21 - Data Authenticity Bypass
CVSS 3.1
CVE-2024-43428 HIGH
Moodle < 4.1.12 - Cache Poisoning via Insufficient Local Storage Validation
CVSS 7.7