CWE-345 638 個 CVE MITRE 定義 ↗

CWE-345:Insufficient Verification of Data Authenticity

概覽

CWE-345(Insufficient Verification of Data Authenticity)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology ICS/OT Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-62215 2026-07-16 OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability in HTTP Canvas responses that allows lower-trust callers to forge trusted A2UI actions. Attackers can perform actions r…
CVE-2026-44434 2026-07-16 Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit dccf5d4, Quicly was vulnerable to stateless reset injection through lack of packet…
CVE-2026-33731 2026-07-16 WWBN AVideo is an open source video platform. In versions prior to 29.0, the Authorize.Net webhook handler at plugin/AuthorizeNet/webhook.php contains a signature verification bypass that allows an at…
CVE-2026-53536 2026-07-16 Activepieces is an open source AI workflow automation platform. Prior to 0.83.0, the /v1/step-files/signed download endpoint verified the supplied JWT against the shared signing secret but did not che…
CVE-2026-53516 2026-07-15 Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, Better Auth's OAuth callback auto-link gate in handleOAuthUserInfo accepts implicit account linking when the…
CVE-2026-53514 2026-07-15 Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, and in 1.6.14 and later when invitation IDs can be obtained outside the invited mailbox and requireEmailVeri…
CVE-2026-53513 2026-07-15 Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-con…
CVE-2026-53512 2026-07-15 Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the legacy oidcProvider and mcp plugins expose OAuth token endpoints whose refresh_token grant authenticates…
CVE-2026-45337 2026-07-15 Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the deviceAuthorization plugin treats any authenticated session as the owner of any pending device c…
CVE-2026-48799 2026-07-15 Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription…
CVE-2026-48816 2026-07-14 sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.1.1, @sigstore/verify derives a transparency-log timestamp from tlogEntries[].integratedTime for bundle v0.…
CVE-2026-50526 2026-07-14 Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.
CVE-2026-47737 2026-07-14 Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, Puma is vulnerable to source IP spoofing when set_remote_address proxy_protocol: :v1 is enabled and persistent c…
CVE-2026-47304 2026-07-14 Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-45069 2026-07-14 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims() registered audience (aud), issue…
CVE-2026-9561 2026-07-14 Eclipse Kura versions prior to 5.6.2 trust the client-supplied X-Forwarded-For HTTP header as the authoritative source of the client IP address in audit log entries. The org.eclipse.kura.web2 (Web Con…
CVE-2026-11901 2026-07-11 The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 2.3.1. This is due to the `web_hook_process_paypal_stand…
CVE-2026-55883 2026-07-10 Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebSocket at /ws/view is gated by a CSRF token, but the token is served by the unaut…
CVE-2026-53961 2026-07-09 Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon …
CVE-2026-54783 2026-07-08 CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ens…

曾用名

  • Insufficient Verification of Data (2008-04-11)

內容提交

名稱
PLOVER
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings
2009-05-27 CWE Content Team 1.4 updated Related_Attack_Patterns
2009-07-27 CWE Content Team 1.5 updated Related_Attack_Patterns
2010-02-16 CWE Content Team 1.8 updated Taxonomy_Mappings
2010-04-05 CWE Content Team 1.8.1 updated Related_Attack_Patterns
2010-12-13 CWE Content Team 1.11 updated Related_Attack_Patterns
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-06-27 CWE Content Team 2.0 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated References, Related_Attack_Patterns, Relationships
2013-07-17 CWE Content Team 2.5 updated Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships
2015-12-07 CWE Content Team 2.9 updated Relationships
2017-05-03 CWE Content Team 2.11 updated Related_Attack_Patterns
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Modes_of_Introduction, Relationships
2019-06-20 CWE Content Team 3.3 updated Related_Attack_Patterns, Relationships
2020-02-24 CWE Content Team 4.0 updated Relationships
2020-06-25 CWE Content Team 4.1 updated Relationships
2020-08-20 CWE Content Team 4.2 updated Relationships
2021-07-20 CWE Content Team 4.5 updated Related_Attack_Patterns
2021-10-28 CWE Content Team 4.6 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Applicable_Platforms, Demonstrative_Examples, Description, Observed_Examples, References, Related_Attack_Patterns
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2024-02-29 CWE Content Team 4.14 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Relationships, Weakness_Ordinalities
cvelogic Threat Intelligence