Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-346

CWE-346

Origin Validation Error

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product does not properly verify that the source of data or communication is valid.

556 vulnerabilities with CWE-346

CVE-2026-45207 HIGH

TrendAI Apex One 2019-14.0.0.17079 & SaS-14.0.20731 Privilege Escalation

CVE-2026-45206 HIGH

TrendAI Apex One <14.0.20731 Privilege Escalation via Origin Validation Error

CVE-2026-34930 HIGH

TrendAI Apex One 2019-14.0.0.17079 & SaS-14.0.20731 Privilege Escalation

CVE-2026-34929 HIGH

TrendAI Apex One 2019-14.0.0.17079 & SaS-14.0.20731 Privilege Escalation via Origin Validation Error

CVE-2026-34928 HIGH

TrendAI Apex One 2019 (14.0)-14.0.0.17079 & SaaS-14.0.20731 - Local Privilege Escalation via Named Pipe

CVE-2026-34927 HIGH

TrendAI Apex One 2019-14.0.0.17078 and SaaS-14.0.20730 - Privilege Escalation via Origin Validation Error

CVE-2026-40622 HIGH

Unbound 1.16.2-1.25.0 - Ghost Domain Name Attack via TTL Extension

CVE-2026-8971 MEDIUM

Same-origin policy bypass in the Networking: JAR component

CVE-2026-8950 CRITICAL

Same-origin policy bypass in the Networking: HTTP component

CVE-2026-2611 CRITICAL

Improper Origin Validation in mlflow/mlflow

CVE-2026-6339 MEDIUM

Missing request origin validation on burn-on-read reveal endpoint

CVE-2026-46728 HIGH

U-Boot < 2026.04 - Signature Verification Bypass via Omitted Hashed-Nodes in FIT

CVE-2026-42559 HIGH

RMCP < 1.4.0 - Streamable HTTP DNS Rebinding

CVE-2026-44184 HIGH

Cleanuparr: Reflective CORS combined with trusted-network auth allows cross-origin admin API reads

CVE-2026-41886 HIGH

locize Client SDK: Cross-origin DOM XSS & Handler Hijack Through Missing e.origin Validation in InContext Editor

CVE-2026-6508 CRITICAL

RCE in TUBITAK BILGEM's Liderahenk

CVE-2026-7986 MEDIUM

Google Chrome < 148.0.7778.96 - Cross-Origin Data Leak via Autofill Policy Enforcement

CVE-2026-7979 MEDIUM

Google Chrome < 148.0.7778.96 - Origin Validation Error via Media Component

CVE-2026-35253 MEDIUM

Oracle Macaron Tool v0.22.0 - Unauthenticated Origin Validation Error via HTTP

CVE-2026-43870 HIGH

Apache Thrift: Node.js web_server.js multi-vulnerability

CVE-2026-7643 MEDIUM

ChatGPTNextWeb NextChat API Endpoint Next.js cross-domain policy

CVE-2026-7581 MEDIUM

alexta69 MeTube CORS Policy main.py on_prepare cross-domain policy

CVE-2026-7439 MEDIUM

AgentFlow Local Web API Content-Type Validation Bypass

CVE-2026-41398 MEDIUM

OpenClaw - Unauthorized Agent Request Dispatch via Untrusted Local-Network Pages in iOS A2UI Bridge

CVE-2026-41393 MEDIUM

OpenClaw < 2026.3.31 - Arbitrary DNS Authority Acceptance and Credential Exfiltration via Wide-Area Discovery

Previous Page 3 of 23 Next

Details

Vulnerabilities 556

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy