Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-346

CWE-346

Origin Validation Error

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product does not properly verify that the source of data or communication is valid.

556 vulnerabilities with CWE-346

CVE-2026-41376 MEDIUM

OpenClaw < 2026.3.31 - Matrix Thread Context Allowlist Bypass via Sender Validation

CVE-2026-22077 MEDIUM

Sensitive Information Disclosure Vulnerability Caused by Trusted Domain Bypass in OPPO Wallet

CVE-2026-41358 MEDIUM

OpenClaw < 2026.4.2 - Sender Allowlist Bypass via Slack Thread Context

CVE-2026-41342 HIGH

OpenClaw < 2026.3.28 - Unauthenticated Discovery Endpoint Credential Exfiltration via Remote Onboarding

CVE-2026-6903 HIGH

Path Traversal Vulnerability in LabOne User Interface

CVE-2026-41057 HIGH

AVideo has CORS Origin Reflection Bypass via plugin/API/router.php and allowOrigin(true) that Exposes Authenticated API Responses

CVE-2026-40594 MEDIUM

pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)

CVE-2026-6662 HIGH

ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy

CVE-2026-6143 MEDIUM

farion1231 cc-switch ProxyServer server.rs cross-domain policy

CVE-2026-35577 MEDIUM

Missing Host Header Validation in Apollo MCP Server for Localhost Deployments

CVE-2026-5918 MEDIUM

Google Chrome <147.0.7727.55 - Info Disclosure

CVE-2026-5899 MEDIUM

Google Chrome < 147.0.7727.55 - Universal Cross-Site Scripting via History Navigation

CVE-2026-34720 MEDIUM

Zammad SSO Headers - Origin Validation Error

CVE-2026-35568 MEDIUM

MCP Java SDK <1.0.0 Local Server - DNS Rebinding

CVE-2026-35408 HIGH

Directus is Missing Cross-Origin Opener Policy

CVE-2026-37977 LOW

Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header injection due to unvalidated jwt azp claim

CVE-2026-34777 MEDIUM

Electron: Incorrect origin passed to permission request handler for iframe requests

CVE-2026-34083 MEDIUM

signalk-server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow

CVE-2026-5321 MEDIUM

vanna-ai vanna FastAPI/Flask Server cross-domain policy

CVE-2026-5283 MEDIUM

Google Chrome <146.0.7680.178 - Info Disclosure

CVE-2026-34359 HIGH

HAPI FHIR: Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect in HAPI FHIR Core

CVE-2026-34373 HIGH

Parse Server: GraphQL API endpoint ignores CORS origin restriction

CVE-2026-33697 HIGH

CoCoS attested TLS is vulnerable to relay attacks via extracted ephemeral TLS keys

CVE-2026-21790 MEDIUM

HCL Traveler is susceptible to a weak default HTTP header validation vulnerability

CVE-2026-33314 MEDIUM

pyload-ng: Improper Authentication and Origin Validation Error

Previous Page 4 of 23 Next

Details

Vulnerabilities 556

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy