Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-346

CWE-346

Origin Validation Error

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product does not properly verify that the source of data or communication is valid.

556 vulnerabilities with CWE-346

CVE-2026-32318 HIGH

Cryptomator for IOS: Tampered vault configuration allows MITM attack on Hub API

CVE-2026-32317 HIGH

Cryptomator for Android: Tampered vault configuration allows MITM attack on Hub API

CVE-2026-32303 HIGH

Cryptomator: Tampered vault configuration allows MITM attack on Hub API

CVE-2026-32634 HIGH

Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers

CVE-2026-32632 MEDIUM

Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding

CVE-2026-20643 MEDIUM

macOS < 26.3.2 - Same Origin Policy Bypass via Navigation API

CVE-2026-2457 MEDIUM

WebSocket Message Spoofing via Permalink Embed Manipulation

CVE-2026-32302 HIGH

OpenClaw < 2026.3.11 - Unauthenticated Privilege Escalation via WebSocket Origin Validation Bypass

CVE-2026-27478 CRITICAL

Unity Catalog <=0.4.0 - Auth Bypass

CVE-2026-3846 MEDIUM

Firefox < 148.0.2 - Same-Origin Policy Bypass in CSS Parsing and Computation

CVE-2026-30964 MEDIUM

web-auth/webauthn-lib <5.2.4 - Auth Bypass

CVE-2026-25604 MEDIUM

apache-airflow-providers-amazon < 9.22.0 - Origin Validation Error in AWS Auth Manager

CVE-2026-28403 HIGH

Textream < 1.5.1 - Unauthenticated WebSocket Origin Validation Error

CVE-2026-27824 MEDIUM

calibre < 9.4.0 - Brute-Force Protection Bypass via X-Forwarded-For Header Manipulation

CVE-2026-26861 HIGH

CleverTap Web SDK < 1.15.2 - Cross-Site Scripting via PostMessage Origin Validation Bypass

CVE-2026-2790 CRITICAL

Firefox <148 & ESR <140.8 - Auth Bypass

CVE-2026-23552 CRITICAL

Apache Camel 4.15.0-4.17.0 - Auth Bypass

CVE-2026-27579 HIGH

karnop realtime-collaboration-platform - Origin Validation Error in CORS Configuration

CVE-2026-27192 HIGH

Feathersjs < 5.0.40 - Origin Validation Bypass via Prefix Matching

CVE-2026-27118 MEDIUM

@sveltejs/adapter-vercel <6.3.2 - Cache Poisoning

CVE-2026-27004 MEDIUM

OpenClaw <2026.2.15 - Privilege Escalation

CVE-2026-2345 LOW

Proctorio Secure Exam Proctor Extension 1.5.25220.33 - Origin Validation Error in Message Event Handler

CVE-2026-1997 MEDIUM

HP OfficeJet Pro Printer Firmware < 001.2602a - Information Exposure via CORS Misconfiguration

CVE-2026-22694 MEDIUM

AliasVault <0.25.2 - Info Disclosure

CVE-2026-22794 CRITICAL

Appsmith < 1.93 - Origin Validation Error in Email Link Generation

Previous Page 5 of 23 Next

Details

Vulnerabilities 556

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy