CWE-346

Origin Validation Error

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product does not properly verify that the source of data or communication is valid.

556 vulnerabilities with CWE-346
CVE-2025-12905 MEDIUM
Google Chrome <140.0.7339.80 - CSRF
CVSS 5.4
CVE-2025-12245 MEDIUM
chatwoot < 4.7.0 - Origin Validation Error in Widget IFrame Helper
CVSS 5.3
CVE-2025-62250 MEDIUM
Liferay Digital Experience Platform < 7.3 - Improper Authentication via Unauthenticated Cluster Messages
CVSS 6.5
CVE-2025-62584 HIGH
Whale < 4.33.325.17 - Same-Origin Policy Bypass in Dual-Tab Environment
CVSS 7.5
CVE-2025-9265 CRITICAL
Kiloview NDI N30 < 2.02.246 - Unauthenticated Broken Authorization
CVE-2025-2140 MEDIUM
IBM Engineering Requirements Management Doors Next <7.1 - Auth Bypass
CVSS 5.7
CVE-2025-59957 MEDIUM
Juniper Junos < 21.4R3 - Unauthenticated Backdoor Creation via Physical Access
CVSS 6.8
CVE-2025-42706 MEDIUM
Falcon sensor <7.24 - Privilege Escalation
CVSS 6.5
CVE-2025-59159 CRITICAL
SillyTavern < 1.13.4 - DNS Rebinding via Host Whitelist Bypass
CVSS 9.6
CVE-2025-11304 MEDIUM
CodeCanyon/ui-lib Mentor LMS <1.1.1 - XSS
CVSS 6.3
CVE-2025-59845 HIGH
Apollo Sandbox < 2.7.2 & Apollo Explorer < 3.7.3 - CSRF via window.postMessage Origin Validation Error
CVSS 8.2
CVE-2025-20364 MEDIUM
Cisco Aironet IOS XE Controller - Unauthenticated 802.11 Action Frame Injection
CVSS 4.3
CVE-2025-56648 MEDIUM
parcel < 1.10.3 - Origin Validation Error via XMLHttpRequest
CVSS 6.5
CVE-2025-10193 HIGH
Neo4j Cypher MCP server 0.2.2-0.3.0 - DNS Rebinding Attack via Same-Origin Policy Bypass
CVE-2025-10201 HIGH
Google Chrome < 140.0.7339.127 - Site Isolation Bypass via Mojo
CVSS 8.8
CVE-2025-9636 HIGH
pgAdmin <= 9.7 - Cross-Origin Opener Policy Bypass via OAuth Flow Manipulation
CVSS 7.9
CVE-2025-47909 HIGH
gorilla/csrf < 1.7.3 - Origin Validation Error in TrustedOrigins
CVSS 7.3
CVE-2025-51605 HIGH
Shopizer 3.2.7 - Origin Validation Error in CORS Implementation
CVSS 8.1
CVE-2025-9180 HIGH
Firefox and Thunderbird - Same-Origin Policy Bypass in Canvas2D
CVSS 8.1
CVE-2025-52621 MEDIUM
HCL BigFix SaaS < 8.1.14 - Cache Poisoning via Origin Header Reflection
CVSS 5.3
CVE-2025-8881 MEDIUM
Google Chrome < 139.0.7258.127 - Cross-Origin Data Leak via File Picker
CVSS 6.5
CVE-2025-53399 MEDIUM
Sipwise rtpengine <13.4.1.1 - Command Injection
CVE-2025-7365 HIGH
Keycloak - Authenticated Account Takeover via Identity Provider Login Email Verification
CVSS 7.1
CVE-2025-53600 HIGH
Whale < 4.32.315.22 - Same-Origin Policy Bypass in Dual-Tab Environment
CVSS 7.5
CVE-2025-5824 HIGH
Autel MaxiCharger AC Wallbox Commercial - Auth Bypass
CVSS 7.5