Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-346

CWE-346

Origin Validation Error

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product does not properly verify that the source of data or communication is valid.

556 vulnerabilities with CWE-346

CVE-2025-42998 MEDIUM

SAP Business One Integration Framework - Auth Bypass

CVE-2025-30360 MEDIUM

webpack-dev-server < 5.2.1 - Origin Validation Error via IP Address Origin Header

CVE-2025-30466 CRITICAL

Safari < 18.4 - Same Origin Policy Bypass via State Management Issue

CVE-2025-5320 LOW

gradio-app gradio <= 5.29.1 - Insufficient Verification of Data Authenticity in CORS Handler

CVE-2025-5263 MEDIUM

Firefox < 115.24.0, 115.24-115.*, 128.11-128.*, >=139 - Origin Validation Error

CVE-2025-4839 LOW

itwanger paicoding 1.0.0-1.0.3 - Permissive Cross-domain Security Policy in CrossUtil.java

CVE-2025-46737 HIGH

SEL-5037 Grid Configurator < 6.4.0.58 - Unauthenticated Origin Validation Error in Data Gateway Service

CVE-2025-4542 LOW

Freeebird Hotel < 1.2 - Permissive Cross-domain Security Policy with Untrusted Domains

CVE-2025-4515 MEDIUM

pribai/privategpt < 0.6.2 - Permissive Cross-domain Security Policy via allow_origins Argument

CVE-2025-3462 HIGH

ASUS DriverHub - Unauthorized Feature Interaction via Crafted HTTP Requests

CVE-2025-43929 MEDIUM

kitty < 0.41.0 - Unauthenticated Arbitrary Code Execution via Untrusted Document Link

CVE-2025-3651 CRITICAL

Work Desktop for Mac <10.8.2.33 - RCE

CVE-2025-3071 MEDIUM

Google Chrome < 135.0.7049.52 - Same Origin Policy Bypass via Navigation UI Gestures

CVE-2025-2346 MEDIUM

IROAD Dash Cam X5-X6 <20250308 - Origin Validation Error

CVE-2025-25306 CRITICAL

Misskey < 2025.2.1 - Unintended Proxy via ActivityPub Object Field Validation Bypass

CVE-2025-25302 MEDIUM

rembg < 2.0.57 - Origin Validation Error in CORS Middleware

CVE-2025-23117 MEDIUM

UniFi Protect < - Privilege Escalation

CVE-2025-1102 MEDIUM

Q-Free MaxTime <= 2.11.0 - Unauthenticated Origin Validation Error in CORS Configuration

CVE-2025-1083 LOW

Mindskip xzs-mysql 3.9.0 - Permissive Cross-domain Security Policy with Untrusted Domains in CORS Handler

CVE-2025-23023 HIGH

Discourse < 3.3.2 - Cache Poisoning via Anonymous Cache Header Manipulation

CVE-2025-21542 MEDIUM

Oracle Communications Order and Service Management 7.4.0, 7.4.1, 7.5.0 - Origin Validation Error

CVE-2025-21511 HIGH

Oracle JD Edwards EnterpriseOne Tools < 9.2.9.0 - Unauthenticated Unauthorized Data Access via Web Runtime SEC

CVE-2025-21497 MEDIUM

MySQL Server < 8.0.40, 8.4.3 and prior, 9.1.0 and prior - Denial of Service and Unauthorized Data Manipulation in InnoDB

CVE-2025-24010 MEDIUM

vitejs/vite < 4.5.5, 6.0.0-6.0.9 - Origin Validation Error via CORS and WebSocket

CVE-2025-23109 MEDIUM

Firefox < 134.0 - URL Spoofing via Long Hostnames

Previous Page 8 of 23 Next

Details

Vulnerabilities 556

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy