Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-346

CWE-346

Origin Validation Error

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product does not properly verify that the source of data or communication is valid.

556 vulnerabilities with CWE-346

CVE-2023-27944 HIGH

macOS < 11.7.5 - Sandbox Escape via Entitlement Bypass

CVE-2023-27932 MEDIUM

Safari < 16.4 - Same Origin Policy Bypass via Malicious Web Content

CVE-2023-29868 MEDIUM

Zammad 5.3.0-5.3.x - Authenticated Incorrect Access Control

CVE-2023-29867 MEDIUM

Zammad 5.3.0-5.3.x - Authenticated Incorrect Access Control via Zammad API

CVE-2023-2445 MEDIUM

Devolutions Server < 2023.1.3.0 - Authenticated Improper Access Control in Subscriptions Folder Path Filter

CVE-2023-30856 HIGH

eDEX-UI < 2.2.8 - Cross-Site WebSocket Hijacking via Terminal Control WebSocket

CVE-2023-26114 HIGH

code-server <4.10.1 - Info Disclosure

CVE-2023-0957 HIGH

Gitpod < 2022.11.2 - Cross-Site WebSocket Hijacking via Origin Header Misvalidation

CVE-2023-0132 MEDIUM

Google Chrome < 109.0.5414.74 - Permission Prompt Bypass via Crafted HTML Page

CVE-2023-22899 MEDIUM

zip4j < 2.11.2 - Origin Validation Error in ZIP Archive Decryption

CVE-2022-50975 HIGH

Device <unknown> - Privilege Escalation

CVE-2022-50925 CRITICAL

Prowise Reflect <1.0.9 - Code Injection

CVE-2022-21505 MEDIUM

Oracle Linux - Lockdown Bypass via IMA Appraisal Log Mode

CVE-2022-32144 HIGH

Huawei CV81-WDM Firmware - Denial of Service via Insufficient Input Verification

CVE-2022-4917 MEDIUM

Google Chrome < 103.0.5060.53 - Origin Validation Error via Notification UI Spoofing

CVE-2022-46718 MEDIUM

iPadOS < 15.7.2 - Unauthorized Sensitive Location Information Access

CVE-2022-42860 MEDIUM

macOS 11.0.0-11.7.0 - Unauthorized File System Modification

CVE-2022-45139 MEDIUM

WAGO PFC100, PFC200, 751-9301, 752-8303/8000-002, Touch Panel 600 Firmware 16-21 - CORS Misconfiguration

CVE-2022-42927 HIGH

Firefox < 106 and Firefox ESR < 102.4 - Same-Origin Policy Violation via performance.getEntries()

CVE-2022-38472 MEDIUM

Thunderbird <102.2-Firefox <104 - CSRF

CVE-2022-29915 MEDIUM

Firefox < 100.0 - Origin Validation Error via Performance API

CVE-2022-22757 MEDIUM

Firefox < 97.0 - Remote Browser Control via WebDriver Host Header Spoofing

CVE-2022-1520 MEDIUM

Thunderbird < 91.9 - Origin Validation Error in Attached Message Security Status Display

CVE-2022-41961 MEDIUM

BigBlueButton < 2.4-rc-6 - Ineffective User Ban Enforcement via Shared extId

CVE-2022-41924 CRITICAL

Tailscale < 1.32.3 - Remote Code Execution via Local API Host Header Spoofing

Previous Page 14 of 23 Next

Details

Vulnerabilities 556

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy