CWE-345 (Insufficient Verification of Data Authenticity) — Vulnerability Class 227

227 vulnerabilities classified as CWE-345 (Insufficient Verification of Data Authenticity). AI Chinese analysis included.

CWE-345 represents a critical integrity weakness where software fails to adequately verify the origin or authenticity of incoming data, leading to the acceptance of invalid or malicious inputs. Attackers typically exploit this vulnerability by injecting spoofed or tampered information, tricking the application into processing untrusted sources as legitimate. This can result in severe consequences, including data corruption, unauthorized access, or system compromise, as the software blindly trusts the manipulated payload. To mitigate this risk, developers must implement robust cryptographic verification mechanisms, such as digital signatures or message authentication codes, to ensure data integrity. Additionally, strict input validation and secure communication protocols like TLS should be employed to authenticate data sources. By rigorously validating the provenance of all external inputs, organizations can prevent attackers from exploiting trust assumptions and maintain the overall security posture of their systems against integrity-based attacks.

MITRE CWE Description
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Common Consequences (1)
Integrity, Other: Varies by Context, Unexpected State
Examples (1)
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2428 | Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Payment Status modification — Fluent Forms Pro Add On Pack | 7.5 | High | 2026-02-27 |
| CVE-2026-27510 | Unitree Go2 Mobile Program Tampering Enables Root RCE — Unitree Go2 | 9.6 | Critical | 2026-02-26 |
| CVE-2026-27700 | Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo — hono | 8.2 | High | 2026-02-25 |
| CVE-2026-2385 | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email Relay — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | 5.3 | Medium | 2026-02-22 |
| CVE-2026-26327 | OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning — openclaw | 9.3 | - | 2026-02-19 |
| CVE-2026-25474 | OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass — openclaw | 7.5 | High | 2026-02-19 |
| CVE-2025-14444 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | 5.3 | Medium | 2026-02-18 |
| CVE-2026-26007 | cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves — cryptography | 6.5 | - | 2026-02-10 |
| CVE-2026-24775 | OpenProject has Forced Actions, Content Spoofing, and Persistent DoS via ID Manipulation in OpenProject Blocknote Editor Extension — openproject | 6.3 | Medium | 2026-01-28 |
| CVE-2026-24772 | OpenProject has SSRF and CSWSH in Hocuspocus Synchronization Server — openproject | 8.9 | High | 2026-01-28 |
| CVE-2026-23966 | sm-crypto Affected by Private Key Recovery in SM2-PKE — sm-crypto | 9.1 | Critical | 2026-01-22 |
| CVE-2026-1195 | MineAdmin JWT Token refresh data authenticity — MineAdmin | 5.0 | Medium | 2026-01-20 |
| CVE-2026-0939 | Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.2 - Unauthenticated Order Status Manipulation — Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit | 5.3 | Medium | 2026-01-16 |
| CVE-2026-22703 | Cosign verification accepts any valid Rekor entry under certain conditions — cosign | 5.5 | Medium | 2026-01-10 |
| CVE-2025-15385 | TECNO Mobile Boomplay security vulnerability — com.afmobi.boomplayer | 9.8 | - | 2026-01-06 |
| CVE-2025-66255 | Unauthenticated Arbitrary File Upload (upgrade_contents.php) — Mozart FM Transmitter | 9.1 AI | Critical AI | 2025-11-26 |
| CVE-2025-66016 | CGGMP24 is missing a check in the ZK proof used in CGGMP21 — cggmp21 | 9.1 AI | Critical AI | 2025-11-25 |
| CVE-2025-12752 | Subscriptions & Memberships for PayPal <= 1.1.7 - Unauthenticated Fake Payment Creation — Subscriptions & Memberships for PayPal | 5.3 | Medium | 2025-11-22 |
| CVE-2025-34337 | eGovFramework <= 4.3.1 Unauthenticated Encryption Oracle via Web Editor Image Upload Endpoints — eGovFramework/egovframe-common-components | 9.1 AI | Critical AI | 2025-11-19 |
| CVE-2025-12080 | Intent Abuse in Google Messages for Wear OS for Silent Message Sending — WearOS | 4.0 AI | Medium AI | 2025-10-27 |
| CVE-2024-58267 | Rancher CLI SAML authentication is vulnerable to phishing attacks — rancher | 8.0 | High | 2025-10-02 |
| CVE-2025-59420 | Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass) — authlib | 7.5 | High | 2025-09-22 |
| CVE-2025-59160 | matrix-js-sdk has insufficient validation when considering a room to be upgraded by another — matrix-js-sdk | 7.5 AI | High AI | 2025-09-16 |
| CVE-2025-9379 | Belkin AX1800 Firmware Update data authenticity — AX1800 | 7.2 | High | 2025-08-24 |
| CVE-2025-8980 | Tenda G1 Firmware Update check_upload_file data authenticity — G1 | 6.6 | Medium | 2025-08-14 |
| CVE-2025-8979 | Tenda AC15 Firmware Update check_fw data authenticity — AC15 | 6.6 | Medium | 2025-08-14 |
| CVE-2025-8978 | D-Link DIR-619L boa FirmwareUpgrade data authenticity — DIR-619L | 6.6 | Medium | 2025-08-14 |
| CVE-2024-48916 | Ceph is vulnerable to authentication bypass through RadosGW — ceph | 8.1 | High | 2025-07-30 |
| CVE-2025-30192 | A Recursor configured to send out ECS enabled queries can be sensitive to spoofing attempts — Recursor | 7.5 | High | 2025-07-21 |
| CVE-2025-7884 | Eluktronics Control Center REG File data authenticity — Control Center | 3.3 | Low | 2025-07-20 |

Vulnerabilities classified as CWE-345 (Insufficient Verification of Data Authenticity) represent 227 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.