目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CWE-345 对数据真实性的验证不充分 类漏洞列表 226

CWE-345 对数据真实性的验证不充分 类弱点 226 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-345 属于数据完整性与真实性验证不足的安全漏洞。攻击者通常通过伪造或篡改数据源,使系统误信无效或恶意信息,从而执行非预期操作或泄露敏感数据。开发者应实施严格的身份认证机制,如使用数字签名或加密哈希,确保数据来源可信且未被篡改,并在关键业务逻辑前强制进行真实性校验,以阻断恶意数据的注入与处理。

MITRE CWE 官方描述
CWE:CWE-345 数据真实性验证不足 (Insufficient Verification of Data Authenticity) 英文:产品未能以足以防止其接受无效数据的方式,充分验证数据的来源或真实性。
常见影响 (1)
Integrity, OtherVaries by Context, Unexpected State
代码示例 (1)
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
CVE ID标题CVSS风险等级Published
CVE-2026-41432 Stripe Webhook 签名绕过导致配额欺诈漏洞 — new-api 7.1 High2026-05-08
CVE-2026-42206 Roadiz ID令牌重放漏洞 — core-bundle-dev-app--2026-05-08
CVE-2026-31835 Vaultwarden WebAuthn凭证元数据篡改漏洞 — vaultwarden--2026-05-05
CVE-2026-43534 OpenClaw <2026.4.10 代理钩子事件未 sanitization 外部输入漏洞 — OpenClaw 9.1 Critical2026-05-05
CVE-2026-7611 TRENDnet TEW-821DAP 固件升级伪造漏洞 — TEW-821DAP 3.7 Low2026-05-02
CVE-2026-7606 TRENDnet TEW-821DAP 固件更新数据真实性漏洞 — TEW-821DAP 3.7 Low2026-05-02
CVE-2026-35051 Traefik 身份验证绕过漏洞 — traefik 9.1AICriticalAI2026-04-30
CVE-2026-6498 Five Star Restaurant Reservations 2.7.16 payment_id 参数 PHP 类型混淆未授权支付绕过漏洞 — Five Star Restaurant Reservations – WordPress Booking Plugin 5.3 Medium2026-04-30
CVE-2026-6967 Amazon tough 数据伪造问题漏洞 — tough 5.9 Medium2026-04-24
CVE-2026-40323 SP1 安全漏洞 — sp1 7.1AIHighAI2026-04-17
CVE-2026-35659 OpenClaw 数据伪造问题漏洞 — OpenClaw 4.6 Medium2026-04-10
CVE-2026-39366 WWBN AVideo 数据伪造问题漏洞 — AVideo 6.5 Medium2026-04-07
CVE-2026-3177 WordPress plugin Charitable 数据伪造问题漏洞 — Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More 5.3 Medium2026-04-07
CVE-2026-35042 fast-jwt 安全漏洞 — fast-jwt 7.5 High2026-04-06
CVE-2026-35039 fast-jwt 安全漏洞 — fast-jwt 9.1 Critical2026-04-06
CVE-2026-34061 core-rs-albatross 数据伪造问题漏洞 — core-rs-albatross 4.9 Medium2026-04-03
CVE-2026-33221 Nhost 数据伪造问题漏洞 — nhost 9.1 -2026-03-20
CVE-2026-33243 Barebox 数据伪造问题漏洞 — barebox 8.3 High2026-03-20
CVE-2026-33143 OneUptime 数据伪造问题漏洞 — oneuptime 5.3 -2026-03-20
CVE-2026-32029 OpenClaw 数据伪造问题漏洞 — OpenClaw 5.3 Medium2026-03-19
CVE-2026-28500 ONNX 安全漏洞 — onnx 8.6 High2026-03-18
CVE-2026-32294 JetKVM 安全漏洞 — JetKVM 4.7 Medium2026-03-17
CVE-2026-32290 GL-iNet Comet 安全漏洞 — Comet KVM 4.7 Medium2026-03-17
CVE-2026-32597 pyjwt 安全漏洞 — pyjwt 7.5 High2026-03-12
CVE-2026-23656 Microsoft Windows App Installer 数据伪造问题漏洞 — Windows App Client for Windows Desktop 5.9 Medium2026-03-10
CVE-2026-30920 OneUptime 安全漏洞 — oneuptime 8.6 High2026-03-09
CVE-2026-28454 OpenClaw 数据伪造问题漏洞 — OpenClaw 7.5 High2026-03-05
CVE-2026-25921 Gogs(Go Git Service) 数据伪造问题漏洞 — gogs 9.3 Critical2026-03-05
CVE-2026-30798 RustDesk 安全漏洞 — RustDesk Client 9.8 -2026-03-05
CVE-2026-2428 WordPress plugin Fluent Forms Pro Add On Pack 数据伪造问题漏洞 — Fluent Forms Pro Add On Pack 7.5 High2026-02-27

CWE-345(对数据真实性的验证不充分) 是常见的弱点类别,本平台收录该类弱点关联的 226 条 CVE 漏洞。