CWE-345 对数据真实性的验证不充分 类弱点 244 条 CVE 漏洞汇总,含 AI 中文分析。
CWE-345 属于数据完整性与真实性验证不足的安全漏洞。攻击者通常通过伪造或篡改数据源,使系统误信无效或恶意信息,从而执行非预期操作或泄露敏感数据。开发者应实施严格的身份认证机制,如使用数字签名或加密哈希,确保数据来源可信且未被篡改,并在关键业务逻辑前强制进行真实性校验,以阻断恶意数据的注入与处理。
| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2026-53406 | Zoom Contact Center for Windows <7.0.0 提权漏洞 — Remote Control for Zoom Contact Center | 7.8 | High | 2026-06-12 |
| CVE-2026-47691 | Netty NS记录缺乏充分管辖验证 — netty | 8.7 | High | 2026-06-12 |
| CVE-2026-45674 | Netty DNS缓存投毒漏洞(CNAME缺少从属检查) — netty | 8.7 | High | 2026-06-12 |
| CVE-2026-48096 | OpenFGA 缓存键分隔符注入导致授权决策中毒 — openfga | 5.0 | Medium | 2026-06-10 |
| CVE-2026-46539 | Nimiq BlockInclusionProof空跳跃链接漏洞 — core-rs-albatross | 5.9 | Medium | 2026-06-09 |
| CVE-2026-7792 | WPForms <= 1.10.0.4 PayPal Commerce Webhook验证不足漏洞 — WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | 5.3 | Medium | 2026-06-06 |
| CVE-2026-8608 | Event Monster <= 2.1.0 支付绕过漏洞 — Event Monster – Event Manager, Ticket Booking & Registration | 5.3 | Medium | 2026-06-05 |
| CVE-2026-50214 | 共享密钥配额膨胀漏洞 — Connect M6E 5G Portable WiFi Router | - | - | 2026-06-04 |
| CVE-2022-4992 | Dräger Infinity M540 VG4.1.1 网络消息伪造导致拒绝服务或篡改 — Infinity Acute Care System | 8.6 | High | 2026-06-02 |
| CVE-2026-41577 | authentik SAML源未验证断言的条件、时间和受众漏洞 — authentik | - | - | 2026-06-02 |
| CVE-2026-47696 | WWBN AVideo 安全漏洞 — AVideo | - | - | 2026-05-29 |
| CVE-2026-9189 | WordPress plugin Contact Form 7 – PayPal & Stripe Add-on 数据伪造问题漏洞 — Contact Form 7 – PayPal & Stripe Add-on | 5.3 | Medium | 2026-05-29 |
| CVE-2026-3012 | Samba 数据伪造问题漏洞 — Red Hat Enterprise Linux 10 | 8.0 | High | 2026-05-27 |
| CVE-2026-41164 | Cashu NUTs 数据伪造问题漏洞 — nuts-node | 4.4 | Medium | 2026-05-26 |
| CVE-2026-25602 | Mesalvo Meona Client Launcher Component和Mesalvo Meona Server Component 数据伪造问题漏洞 — Meona Client Launcher Component | 4.4 | Medium | 2026-05-20 |
| CVE-2026-44308 | Spring Cloud AWS 数据伪造问题漏洞 — spring-cloud-aws | - | - | 2026-05-14 |
| CVE-2026-44999 | OpenClaw 数据伪造问题漏洞 — OpenClaw | 5.3 | Medium | 2026-05-11 |
| CVE-2026-42575 | apko 数据伪造问题漏洞 — apko | 7.5 | High | 2026-05-09 |
| CVE-2026-41432 | New API 数据伪造问题漏洞 — new-api | 7.1 | High | 2026-05-08 |
| CVE-2026-42206 | Roadiz Document base system 数据伪造问题漏洞 — core-bundle-dev-app | 7.5AI | HighAI | 2026-05-08 |
| CVE-2026-31835 | Vaultwarden 数据伪造问题漏洞 — vaultwarden | 7.5 | - | 2026-05-05 |
| CVE-2026-43534 | OpenClaw 数据伪造问题漏洞 — OpenClaw | 9.1 | Critical | 2026-05-05 |
| CVE-2026-7611 | TRENDnet TEW-821DAP 数据伪造问题漏洞 — TEW-821DAP | 3.7 | Low | 2026-05-02 |
| CVE-2026-7606 | TRENDnet TEW-821DAP 数据伪造问题漏洞 — TEW-821DAP | 3.7 | Low | 2026-05-02 |
| CVE-2026-35051 | Traefik 数据伪造问题漏洞 — traefik | 9.1 | - | 2026-04-30 |
| CVE-2026-6498 | WordPress plugin Five Star Restaurant Reservations 数据伪造问题漏洞 — Five Star Restaurant Reservations – WordPress Booking Plugin | 5.3 | Medium | 2026-04-30 |
| CVE-2026-6967 | Amazon tough 数据伪造问题漏洞 — tough | 5.9 | Medium | 2026-04-24 |
| CVE-2026-40323 | SP1 安全漏洞 — sp1 | 7.1AI | HighAI | 2026-04-17 |
| CVE-2026-35659 | OpenClaw 数据伪造问题漏洞 — OpenClaw | 4.6 | Medium | 2026-04-10 |
| CVE-2026-39366 | WWBN AVideo 数据伪造问题漏洞 — AVideo | 6.5 | Medium | 2026-04-07 |
CWE-345(对数据真实性的验证不充分) 是常见的弱点类别,本平台收录该类弱点关联的 244 条 CVE 漏洞。