
CWE-346 (Origin Validation Error): Vulnerability Class, 152 CVEs

152 vulnerabilities are classified as CWE-346 (Origin Validation Error). An AI-generated analysis in Chinese is included for each entry.

Scores and severities marked (AI) are the site's AI-estimated ratings, as flagged on the original listing; the rest are the published CVSS values.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-41358 | OpenClaw < 2026.4.2 - Sender Allowlist Bypass via Slack Thread Context | OpenClaw | 5.4 | Medium | 2026-04-23 |
| CVE-2026-41342 | OpenClaw < 2026.3.28 - Unauthenticated Discovery Endpoint Credential Exfiltration via Remote Onboarding | OpenClaw | 7.3 | High | 2026-04-23 |
| CVE-2026-41057 | AVideo has CORS Origin Reflection Bypass via plugin/API/router.php and allowOrigin(true) that Exposes Authenticated API Responses | AVideo | 7.1 | High | 2026-04-21 |
| CVE-2026-40594 | pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition) | pyload | 4.8 | Medium | 2026-04-21 |
| CVE-2026-35577 | Missing Host Header Validation in Apollo MCP Server for Localhost Deployments | apollo-mcp-server | 6.8 | Medium | 2026-04-09 |
| CVE-2026-34720 | Zammad has an origin validation error in SSO mechanism | zammad | 7.1 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-35568 | MCP Java-SDK has a DNS Rebinding Vulnerability | java-sdk | 6.3 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-35408 | Directus is Missing Cross-Origin Opener Policy | directus | 8.7 | High | 2026-04-06 |
| CVE-2026-37977 | Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via CORS header injection due to unvalidated JWT azp claim | Red Hat Build of Keycloak | 3.7 | Low | 2026-04-06 |
| CVE-2026-34777 | Electron: Incorrect origin passed to permission request handler for iframe requests | electron | 5.4 | Medium | 2026-04-03 |
| CVE-2026-34083 | signalk-server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow | signalk-server | 6.1 | Medium | 2026-04-02 |
| CVE-2026-34359 | HAPI FHIR: Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect in HAPI FHIR Core | org.hl7.fhir.core | 7.4 | High | 2026-03-31 |
| CVE-2026-34373 | Parse Server: GraphQL API endpoint ignores CORS origin restriction | parse-server | 8.2 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-21790 | HCL Traveler is susceptible to a weak default HTTP header validation vulnerability | Traveler | 6.3 | Medium | 2026-03-24 |
| CVE-2026-32317 | Cryptomator for Android: Tampered vault configuration allows MITM attack on Hub API | android | 7.6 | High | 2026-03-20 |
| CVE-2026-32318 | Cryptomator for iOS: Tampered vault configuration allows MITM attack on Hub API | ios | 7.6 | High | 2026-03-20 |
| CVE-2026-32303 | Cryptomator: Tampered vault configuration allows MITM attack on Hub API | cryptomator | 7.6 | High | 2026-03-20 |
| CVE-2026-32634 | Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers | glances | 8.1 | High | 2026-03-18 |
| CVE-2026-32632 | Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding | glances | 5.9 | Medium | 2026-03-18 |
| CVE-2026-2457 | WebSocket Message Spoofing via Permalink Embed Manipulation | Mattermost | 4.3 | Medium | 2026-03-16 |
| CVE-2026-32302 | OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode | openclaw | 8.1 | High | 2026-03-12 |
| CVE-2026-30964 | Webauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypassing exact origin validation | webauthn-framework | 5.4 | Medium | 2026-03-10 |
| CVE-2026-25604 | Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass | Apache Airflow Providers Amazon | 9.8 (AI) | Critical (AI) | 2026-03-09 |
| CVE-2026-28403 | Textream Cross-Site WebSocket Hijacking (CSWSH) vulnerability | textream | 7.6 | High | 2026-03-02 |
| CVE-2025-1787 | Genetec Update Service security vulnerability | Genetec Update Service | 4.4 | not rated | 2026-02-24 |
| CVE-2026-23552 | Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy | Apache Camel | 5.3 (AI) | Medium (AI) | 2026-02-23 |
| CVE-2026-27579 | CollabPlatform: CORS Misconfiguration Allows Arbitrary Origin With Credentials Leading to Authenticated Account Data Exposure | realtime-collaboration-platform | 7.4 | High | 2026-02-21 |
| CVE-2026-27192 | Feathers has an origin validation bypass via prefix matching | feathers | 9.1 (AI) | Critical (AI) | 2026-02-21 |
| CVE-2026-27118 | Cache poisoning in @sveltejs/adapter-vercel | kit | 5.4 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2026-2345 | Insufficient Origin Validation in Proctorio Chrome Extension postMessage Handlers | Secure Exam Proctor Extension | 3.6 | Low | 2026-02-11 |

152 CVEs are classified as CWE-346 (Origin Validation Error); the 30 most recently published are listed above. The CWE entry describes the weakness class only; review each CVE for product-specific impact.
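Several of the titles above name the same failure shape: an origin allowlist matched by prefix, an Origin header reflected back with credentials, or a host and port that are never compared as a whole. The following Node.js snippet is an added illustration, not code from any project in the listing; the allowlist, the probe origins and every function name are assumed for the demo. It puts a prefix check and a reflecting CORS handler beside an exact-origin check that canonicalises the header with the WHATWG URL parser before comparing it, and runs all three against constructed bypass attempts.

```javascript
// Added example, not code from any project in the listing above.
// Allowlist, probe origins and function names are assumed for the demo.

// Hypothetical allowlist of full origins: scheme + host + explicit non-default port.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com:8443",
]);

// Weak check 1: prefix matching. Any string that begins with an allowed
// origin passes, including other hosts and other ports.
function isAllowedPrefix(origin) {
  for (const allowed of ALLOWED_ORIGINS) {
    if (origin.startsWith(allowed)) return true;
  }
  return false;
}

// Weak check 2: reflect whatever Origin the client sent and allow credentials,
// which lets any site read the authenticated response.
function corsHeadersReflect(origin) {
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened: parse the header with the WHATWG URL parser (global in Node),
// reject anything that is not a bare serialised origin, and compare the
// canonical scheme://host[:port] string against the allowlist as a whole.
function canonicalOrigin(raw) {
  if (typeof raw !== "string" || raw === "null") return null; // opaque origin
  let u;
  try {
    u = new URL(raw);
  } catch {
    return null;
  }
  if (u.protocol !== "https:" && u.protocol !== "http:") return null;
  // A serialised origin carries no userinfo, path, query or fragment;
  // "https://app.example.com@evil.net" parses with host evil.net.
  if (u.username || u.password || u.pathname !== "/" || u.search || u.hash) return null;
  return u.origin; // default ports are dropped, host is lowercased
}

function isAllowedOrigin(raw) {
  const origin = canonicalOrigin(raw);
  return origin !== null && ALLOWED_ORIGINS.has(origin);
}

// CORS response headers for the hardened check: no ACAO header at all for a
// rejected origin, and Vary: Origin so a shared cache never reuses one
// origin's ACAO value for another.
function corsHeadersStrict(raw) {
  if (!isAllowedOrigin(raw)) return {};
  return {
    "Access-Control-Allow-Origin": canonicalOrigin(raw),
    "Access-Control-Allow-Credentials": "true",
    Vary: "Origin",
  };
}

// Constructed probe origins: two legitimate values and five bypass attempts.
const PROBES = [
  "https://app.example.com",          // legitimate
  "https://admin.example.com:8443",   // legitimate, non-default port
  "https://app.example.com.evil.net", // attacker host that has the allowed value as prefix
  "https://app.example.com@evil.net", // userinfo trick; the real host is evil.net
  "https://app.example.com:8443",     // right host, wrong port
  "http://app.example.com",           // scheme downgrade
  "null",                             // sandboxed iframe or file: page
];

// Returns one row per probe with the verdict of each check.
function compare() {
  return PROBES.map((origin) => ({
    origin,
    prefix: isAllowedPrefix(origin),
    strict: isAllowedOrigin(origin),
  }));
}

console.table(compare());
```

The prefix check accepts the suffix host, the userinfo trick and the wrong port; the reflecting handler accepts everything. The strict check only passes the two allowlisted values, and because it returns no Access-Control-Allow-Origin header for anything else, a browser refuses to expose the response rather than receiving a header it might cache or misinterpret.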