CWE-345 (Insufficient Verification of Data Authenticity) — Vulnerability Class 218

218 vulnerabilities classified as CWE-345 (Insufficient Verification of Data Authenticity). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-24772 | OpenProject has SSRF and CSWSH in Hocuspocus Synchronization Server — openproject | 8.9 | High | 2026-01-28 |
| CVE-2026-23966 | sm-crypto Affected by Private Key Recovery in SM2-PKE — sm-crypto | 9.1 | Critical | 2026-01-22 |
| CVE-2026-1195 | MineAdmin JWT Token refresh data authenticity — MineAdmin | 5.0 | Medium | 2026-01-20 |
| CVE-2026-0939 | Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.2 - Unauthenticated Order Status Manipulation — Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit | 5.3 | Medium | 2026-01-16 |
| CVE-2026-22703 | Cosign verification accepts any valid Rekor entry under certain conditions — cosign | 5.5 | Medium | 2026-01-10 |
| CVE-2025-15385 | TECNO Mobile Boomplay security vulnerability — com.afmobi.boomplayer | 9.8 | - | 2026-01-06 |
| CVE-2025-66255 | Unauthenticated Arbitrary File Upload (upgrade_contents.php) — Mozart FM Transmitter | 9.1 (AI) | Critical (AI) | 2025-11-26 |
| CVE-2025-66016 | CGGMP24 is missing a check in the ZK proof used in CGGMP21 — cggmp21 | 9.1 (AI) | Critical (AI) | 2025-11-25 |
| CVE-2025-12752 | Subscriptions & Memberships for PayPal <= 1.1.7 - Unauthenticated Fake Payment Creation — Subscriptions & Memberships for PayPal | 5.3 | Medium | 2025-11-22 |
| CVE-2025-34337 | eGovFramework <= 4.3.1 Unauthenticated Encryption Oracle via Web Editor Image Upload Endpoints — eGovFramework/egovframe-common-components | 9.1 (AI) | Critical (AI) | 2025-11-19 |
| CVE-2025-12080 | Intent Abuse in Google Messages for Wear OS for Silent Message Sending — WearOS | 4.0 (AI) | Medium (AI) | 2025-10-27 |
| CVE-2024-58267 | Rancher CLI SAML authentication is vulnerable to phishing attacks — rancher | 8.0 | High | 2025-10-02 |
| CVE-2025-59420 | Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass) — authlib | 7.5 | High | 2025-09-22 |
| CVE-2025-59160 | matrix-js-sdk has insufficient validation when considering a room to be upgraded by another — matrix-js-sdk | 7.5 (AI) | High (AI) | 2025-09-16 |
| CVE-2025-9379 | Belkin AX1800 Firmware Update data authenticity — AX1800 | 7.2 | High | 2025-08-24 |
| CVE-2025-8980 | Tenda G1 Firmware Update check_upload_file data authenticity — G1 | 6.6 | Medium | 2025-08-14 |
| CVE-2025-8979 | Tenda AC15 Firmware Update check_fw data authenticity — AC15 | 6.6 | Medium | 2025-08-14 |
| CVE-2025-8978 | D-Link DIR-619L boa FirmwareUpgrade data authenticity — DIR-619L | 6.6 | Medium | 2025-08-14 |
| CVE-2024-48916 | Ceph is vulnerable to authentication bypass through RadosGW — ceph | 8.1 | High | 2025-07-30 |
| CVE-2025-30192 | A Recursor configured to send out ECS enabled queries can be sensitive to spoofing attempts — Recursor | 7.5 | High | 2025-07-21 |
| CVE-2025-7884 | Eluktronics Control Center REG File data authenticity — Control Center | 3.3 | Low | 2025-07-20 |
| CVE-2025-53548 | @clerk/backend Performs Insufficient Verification of Data Authenticity — javascript | 7.5 | High | 2025-07-09 |
| CVE-2025-5833 | Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability — DMH-WT7600NEX | 6.8 (AI) | Medium (AI) | 2025-06-25 |
| CVE-2025-5832 | Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability — DMH-WT7600NEX | 6.8 (AI) | Medium (AI) | 2025-06-25 |
| CVE-2025-52484 | RISC Zero zkVM Underconstrained Vulnerability — risc0 | 9.6 (AI) | Critical (AI) | 2025-06-20 |
| CVE-2025-49199 | Backup files can be modified and uploaded — SICK Field Analytics | 8.8 | High | 2025-06-12 |
| CVE-2025-48865 | Fabio allows HTTP clients to manipulate custom headers it adds — fabio | 9.1 | Critical | 2025-05-30 |
| CVE-2025-43865 | React Router allows pre-render data spoofing on React-Router framework mode — react-router | 8.2 | High | 2025-04-25 |
| CVE-2025-27735 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability — Windows 10 Version 1507 | 6.0 | Medium | 2025-04-08 |
| CVE-2025-30144 | Fast-JWT Improperly Validates iss Claims — fast-jwt | 6.5 | Medium | 2025-03-19 |

Vulnerabilities classified as CWE-345 (Insufficient Verification of Data Authenticity) represent 218 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.