Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-346

CWE-346

Origin Validation Error

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product does not properly verify that the source of data or communication is valid.

479 vulnerabilities with CWE-346

CVE-2026-7581 MEDIUM

alexta69 MeTube CORS Policy main.py on_prepare cross-domain policy

CVE-2026-7439 MEDIUM

AgentFlow Local Web API Content-Type Validation Bypass

CVE-2026-41398 MEDIUM

OpenClaw - Unauthorized Agent Request Dispatch via Untrusted Local-Network Pages in iOS A2UI Bridge

CVE-2026-41393 MEDIUM

OpenClaw < 2026.3.31 - Arbitrary DNS Authority Acceptance and Credential Exfiltration via Wide-Area Discovery

CVE-2026-41376 MEDIUM

OpenClaw < 2026.3.31 - Matrix Thread Context Allowlist Bypass via Sender Validation

CVE-2026-22077 MEDIUM

Sensitive Information Disclosure Vulnerability Caused by Trusted Domain Bypass in OPPO Wallet

CVE-2026-41358 MEDIUM

OpenClaw < 2026.4.2 - Sender Allowlist Bypass via Slack Thread Context

CVE-2026-41342 HIGH

OpenClaw < 2026.3.28 - Unauthenticated Discovery Endpoint Credential Exfiltration via Remote Onboarding

CVE-2026-6903 HIGH

Path Traversal Vulnerability in LabOne User Interface

CVE-2026-41057 HIGH

AVideo has CORS Origin Reflection Bypass via plugin/API/router.php and allowOrigin(true) that Exposes Authenticated API Responses

CVE-2026-40594 MEDIUM

pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)

CVE-2026-6662 HIGH

ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy

CVE-2026-6143 MEDIUM

farion1231 cc-switch ProxyServer server.rs cross-domain policy

CVE-2026-35577 MEDIUM

Missing Host Header Validation in Apollo MCP Server for Localhost Deployments

CVE-2026-5918 MEDIUM

Google Chrome <147.0.7727.55 - Info Disclosure

CVE-2026-5899 MEDIUM

Google Chrome < 147.0.7727.55 - XSS

CVE-2026-34720 MEDIUM

Zammad has an origin validation error in SSO mechanism

CVE-2026-35568 MEDIUM

MCP Java-SDK has a DNS Rebinding Vulnerability

CVE-2026-35408 HIGH

Directus is Missing Cross-Origin Opener Policy

CVE-2026-37977 LOW

Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header injection due to unvalidated jwt azp claim

CVE-2026-34777 MEDIUM

Electron: Incorrect origin passed to permission request handler for iframe requests

CVE-2026-34083 MEDIUM

signalk-server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow

CVE-2026-5321 MEDIUM

vanna-ai vanna FastAPI/Flask Server cross-domain policy

CVE-2026-5283 MEDIUM

Google Chrome <146.0.7680.178 - Info Disclosure

CVE-2026-34359 HIGH

HAPI FHIR: Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect in HAPI FHIR Core

Page 1 of 20 Next

Details

Vulnerabilities 479

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy