Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-346

CWE-346

Origin Validation Error

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product does not properly verify that the source of data or communication is valid.

556 vulnerabilities with CWE-346

CVE-2026-22030 MEDIUM

React Router 7.0.0-7.11.0 and Remix Server Runtime < 2.17.3 - Cross-Site Request Forgery via Document POST Requests

CVE-2026-20893 HIGH

Fujitsu Security Solution AuthConductor Client Basic V2 <2.0.25.0 -...

CVE-2025-66593 MEDIUM

Synology Assistant < 7.0.6-50085 - Origin Validation Error

CVE-2025-66592 MEDIUM

Synology Active Backup For Business Agent < 3.1.0-4967 - Origin Validation Error

CVE-2025-13593 MEDIUM

Synology ActiveProtect Agent < 1.1.0-0439 - Origin Validation Error

CVE-2025-71217 HIGH

Trend Micro Apex One (Mac) - Privilege Escalation via Self-Protection Mechanism Origin Validation Error

CVE-2025-71214 HIGH

Trend Micro Apex One (Mac) - Privilege Escalation via iCore Service Origin Validation Error

CVE-2025-71213 HIGH

TrendAI Apex One 2019-14.0.0.14136 & SaaS-14.0.20315 Privilege Escalation via Origin Validation Error

CVE-2025-68467 LOW

Dark Reader - Info Disclosure

CVE-2025-1787 MEDIUM

Genetec Update Service - Privilege Escalation

CVE-2025-7659 HIGH

GitLab CE/EE <18.6.6-18.8.4 - Info Disclosure

CVE-2025-14279 HIGH

MLFlow <= 3.4.0 - DNS Rebinding Attack via Missing Origin Header Validation

CVE-2025-67825 MEDIUM

Nitro PDF Pro < 14.42.0.34 - Origin Validation Error in Signer Information Display

CVE-2025-69260 HIGH

Trend Micro Apex Central - Unauthenticated Denial of Service via Message Out-of-Bounds Read

CVE-2025-69259 HIGH

Trend Micro Apex Central - Unauthenticated Denial of Service via NULL Return Value

CVE-2025-69258 CRITICAL

Trend Micro Apex Central - Unauthenticated Remote Code Execution via LoadLibraryEX DLL Hijacking

CVE-2025-69235 HIGH

Whale < 4.35.351.12 - Same-Origin Policy Bypass in Sidebar Environment

CVE-2025-61740 HIGH

Johnson Controls IQ Panels 2/2+/IQHub/IQPanel 4/PowerG - DoS & Config Mod via Unverified Packet

CVE-2025-63388 CRITICAL

Dify v1.9.1 - Origin Validation Error in /console/api/system-features Endpoint

CVE-2025-63386 CRITICAL

Dify v1.9.1 - Origin Validation Error in /console/api/setup Endpoint

CVE-2025-14331 MEDIUM

Firefox < 115.31.0, < 146.0 and Thunderbird < 140.6.0, < 146.0 - Same-Origin Policy Bypass in Request Handling

CVE-2025-34291 HIGH KEV

Langflow <= 1.6.9 - Account Takeover and Remote Code Execution via CORS Misconfiguration

CVE-2025-8074 MEDIUM

Synology BeeDrive < 1.4.3-13973 - Arbitrary File Write via Origin Validation Error

CVE-2025-13947 HIGH

WebKitGTK < 2.50.3 - Information Disclosure via File Drag-and-Drop Origin Validation Error

CVE-2025-37734 MEDIUM

Kibana Observability AI Assistant - Forged Origin Server-Side Request Forgery

Previous Page 6 of 23 Next

Details

Vulnerabilities 556

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy