Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-6475

Summary
Assigner-isc
Assigner Org ID-404fd4d2-a609-4245-b543-2c944a302a22
Published At-17 Oct, 2019 | 19:17
Updated At-16 Sep, 2024 | 17:54
Rejected At-
Credits

A flaw in mirror zone validity checking can allow zone data to be spoofed

Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional recursion, and when mirror zone data cannot be validated, BIND falls back to using traditional recursion instead of the mirror zone. However, an error in the validity checks for the incoming zone data can allow an on-path attacker to replace zone data that was validated with a configured trust anchor with forged data of the attacker's choosing. The mirror zone feature is most often used to serve a local copy of the root zone. If an attacker was able to insert themselves into the network path between a recursive server using a mirror zone and a root name server, this vulnerability could then be used to cause the recursive server to accept a copy of falsified root zone data. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:isc
Assigner Org ID:404fd4d2-a609-4245-b543-2c944a302a22
Published At:17 Oct, 2019 | 19:17
Updated At:16 Sep, 2024 | 17:54
Rejected At:
▼CVE Numbering Authority (CNA)
A flaw in mirror zone validity checking can allow zone data to be spoofed

Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional recursion, and when mirror zone data cannot be validated, BIND falls back to using traditional recursion instead of the mirror zone. However, an error in the validity checks for the incoming zone data can allow an on-path attacker to replace zone data that was validated with a configured trust anchor with forged data of the attacker's choosing. The mirror zone feature is most often used to serve a local copy of the root zone. If an attacker was able to insert themselves into the network path between a recursive server using a mirror zone and a root name server, this vulnerability could then be used to cause the recursive server to accept a copy of falsified root zone data. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.

Affected Products
Vendor
Internet Systems Consortium, Inc.ISC
Product
BIND 9
Versions
Affected
  • 9.14.0 up to 9.14.6
  • 9.15.0 up to 9.15.4
Problem Types
TypeCWE IDDescription
textN/AAn on-path attacker who manages to successfully exploit this vulnerability can replace the mirrored zone (usually the root) with data of their own choosing, effectively bypassing DNSSEC protection.
Type: text
CWE ID: N/A
Description: An on-path attacker who manages to successfully exploit this vulnerability can replace the mirrored zone (usually the root) with data of their own choosing, effectively bypassing DNSSEC protection.
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Upgrade to the patched release most closely related to your current version of BIND: + BIND 9.14.7 + BIND 9.15.5

Configurations

Workarounds

The vulnerability can be avoided by not using mirror zones.

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://kb.isc.org/docs/cve-2019-6475
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20191024-0004/
x_refsource_CONFIRM
https://support.f5.com/csp/article/K42238532?utm_source=f5support&amp%3Butm_medium=RSS
x_refsource_CONFIRM
Hyperlink: https://kb.isc.org/docs/cve-2019-6475
Resource:
x_refsource_CONFIRM
Hyperlink: https://security.netapp.com/advisory/ntap-20191024-0004/
Resource:
x_refsource_CONFIRM
Hyperlink: https://support.f5.com/csp/article/K42238532?utm_source=f5support&amp%3Butm_medium=RSS
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://kb.isc.org/docs/cve-2019-6475
x_refsource_CONFIRM
x_transferred
https://security.netapp.com/advisory/ntap-20191024-0004/
x_refsource_CONFIRM
x_transferred
https://support.f5.com/csp/article/K42238532?utm_source=f5support&amp%3Butm_medium=RSS
x_refsource_CONFIRM
x_transferred
Hyperlink: https://kb.isc.org/docs/cve-2019-6475
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20191024-0004/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.f5.com/csp/article/K42238532?utm_source=f5support&amp%3Butm_medium=RSS
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-officer@isc.org
Published At:17 Oct, 2019 | 20:15
Updated At:07 Nov, 2023 | 03:13

Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional recursion, and when mirror zone data cannot be validated, BIND falls back to using traditional recursion instead of the mirror zone. However, an error in the validity checks for the incoming zone data can allow an on-path attacker to replace zone data that was validated with a configured trust anchor with forged data of the attacker's choosing. The mirror zone feature is most often used to serve a local copy of the root zone. If an attacker was able to insert themselves into the network path between a recursive server using a mirror zone and a root name server, this vulnerability could then be used to cause the recursive server to accept a copy of falsified root zone data. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches

Internet Systems Consortium, Inc.
isc
>>bind>>Versions from 9.14.0(inclusive) to 9.14.6(inclusive)
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>Versions from 9.15.0(inclusive) to 9.15.4(inclusive)
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-345Primarynvd@nist.gov
CWE ID: CWE-345
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://kb.isc.org/docs/cve-2019-6475security-officer@isc.org
Vendor Advisory
https://security.netapp.com/advisory/ntap-20191024-0004/security-officer@isc.org
Third Party Advisory
https://support.f5.com/csp/article/K42238532?utm_source=f5support&amp%3Butm_medium=RSSsecurity-officer@isc.org
N/A
Hyperlink: https://kb.isc.org/docs/cve-2019-6475
Source: security-officer@isc.org
Resource:
Vendor Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20191024-0004/
Source: security-officer@isc.org
Resource:
Third Party Advisory
Hyperlink: https://support.f5.com/csp/article/K42238532?utm_source=f5support&amp%3Butm_medium=RSS
Source: security-officer@isc.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

77Records found

CVE-2002-2211
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.31% / 94.25%
||
7 Day CHG~0.00%
Published-23 May, 2006 | 16:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

Action-Not Available
Vendor-n/aInternet Systems Consortium, Inc.
Product-bindn/a
CVE-2002-2213
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.40% / 81.98%
||
7 Day CHG~0.00%
Published-23 May, 2006 | 16:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

Action-Not Available
Vendor-infobloxn/aInternet Systems Consortium, Inc.
Product-binddns_onen/a
CVE-2002-2212
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.40% / 81.98%
||
7 Day CHG~0.00%
Published-23 May, 2006 | 16:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

Action-Not Available
Vendor-n/aFujitsu LimitedInternet Systems Consortium, Inc.
Product-binduxp_vn/a
CVE-1999-0024
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.93% / 91.08%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DNS cache poisoning via BIND, by predictable query IDs.

Action-Not Available
Vendor-scobsdin/aInternet Systems Consortium, Inc.IBM CorporationNEC CorporationSun Microsystems (Oracle Corporation)
Product-up-ux_vopenserversunossolarisbsd_osunixaixunixwareasl_ux_4800bindews-ux_vopen_desktopn/a
CVE-2023-50868
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-81.73% / 99.60%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 00:00
Updated-23 Dec, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.

Action-Not Available
Vendor-powerdnsn/aInternet Systems Consortium, Inc.Debian GNU/LinuxRed Hat, Inc.Fedora ProjectNetApp, Inc.
Product-bootstrap_osenterprise_linuxhci_baseboard_management_controllerh410sh300sactive_iq_unified_managerdebian_linuxh700sh410ch500sfedorahci_compute_nodebindrecursorn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2012-1033
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-13.54% / 95.99%
||
7 Day CHG~0.00%
Published-08 Feb, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.

Action-Not Available
Vendor-n/aInternet Systems Consortium, Inc.
Product-bindn/a
CVE-2013-5661
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-3.45% / 87.56%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 18:14
Updated-06 Aug, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cache Poisoning issue exists in DNS Response Rate Limiting.

Action-Not Available
Vendor-nlnetlabsnicn/aRed Hat, Inc.Internet Systems Consortium, Inc.
Product-nsdknot_resolverbindenterprise_linuxn/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2008-1447
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-95.18% / 99.86%
||
7 Day CHG~0.00%
Published-08 Jul, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."

Action-Not Available
Vendor-n/aCanonical Ltd.Cisco Systems, Inc.Internet Systems Consortium, Inc.Red Hat, Inc.Microsoft CorporationDebian GNU/Linux
Product-debian_linuxubuntu_linuxwindows_xpbindwindows_2000iosenterprise_linuxwindows_server_2003n/a
CWE ID-CWE-331
Insufficient Entropy
CVE-2020-15699
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.66% / 47.18%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 15:52
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.

Action-Not Available
Vendor-n/aJoomla!
Product-joomla\!n/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2020-14116
Matching Score-4
Assigner-Xiaomi Technology Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Xiaomi Technology Co., Ltd.
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.68%
||
7 Day CHG~0.00%
Published-21 Apr, 2022 | 17:22
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by the Mi Browser does not verify the validity of the incoming data. Attackers can perform sensitive operations by exploiting this.

Action-Not Available
Vendor-n/aXiaomi
Product-mi_browserMi Browser
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-47777
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.17% / 6.35%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 16:54
Updated-16 Jun, 2026 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mastodon has a consent-check bypass in its remote Collections

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the FeatureAuthorization object that is used to verify consent to be featured in a Collection and thus make it appear as if an account is allowed to be in a Collection when it actually is not. While the FeatureAuthorization must reside on the same domain as the object it is for, a check is missing to make sure said object is actually the same as in the Collection item. This allows an attacker to forge the authorization. Mastodon servers are affected only if running the main branch or nightly builds who have opted into testing the experimental "Collections" feature by setting the environment variable EXPERIMENTAL_FEATURES to a value including collections. This has been patched in version 4.6.0-beta.1.

Action-Not Available
Vendor-mastodon
Product-mastodon
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-46539
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 4.58%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 23:44
Updated-10 Jun, 2026 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nimiq-primitives: BlockInclusionProof interlink issue when hops are empty

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven causes the function to return true without performing any cryptographic verification when get_interlink_hops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election head's epoch. An attacker providing transaction inclusion proofs can forge a MacroBlock header for that epoch position and have it accepted as "proven" without any hash or signature verification. This issue has been patched in version 1.4.0.

Action-Not Available
Vendor-nimiq
Product-core-rs-albatross
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-45022
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7||HIGH
EPSS-0.16% / 5.50%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 14:54
Updated-04 Jun, 2026 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
go-git: Improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose values differently from how Git itself would interpret or reject the same object. Additionally, go-git’s commit signing and verification logic operates over commit data reconstructed from go-git’s parsed representation rather than the original raw object bytes. As a result, go-git may sign or verify a commit payload that is not byte-for-byte equivalent to the object stored in the repository. This can cause a signature to appear valid for a commit whose displayed or effective metadata differs from the object that was intended to be signed. This vulnerability is fixed in 5.19.0 and 6.0.0-alpha.3.

Action-Not Available
Vendor-go-git_projectgo-git
Product-go-gitgo-git
CWE ID-CWE-180
Incorrect Behavior Order: Validate Before Canonicalize
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2019-18905
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-4.8||MEDIUM
EPSS-0.71% / 49.08%
||
7 Day CHG~0.00%
Published-03 Apr, 2020 | 11:00
Updated-17 Sep, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deprecated functionality in autoyast2 automatically imports gpg keys without checking them

A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images. This issue affects: SUSE Linux Enterprise Server 12 autoyast2 version 4.1.9-3.9.1 and prior versions. SUSE Linux Enterprise Server 15 autoyast2 version 4.0.70-3.20.1 and prior versions.

Action-Not Available
Vendor-openSUSESUSE
Product-linux_enterprise_serverautoyast2SUSE Linux Enterprise Server 15SUSE Linux Enterprise Server 12
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2022-23491
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.53% / 41.16%
||
7 Day CHG~0.00%
Published-07 Dec, 2022 | 21:15
Updated-23 Apr, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Removal of TrustCor root certificate

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

Action-Not Available
Vendor-certificertifiNetApp, Inc.
Product-certifimanagement_services_for_netapp_hcimanagement_services_for_element_softwaree-series_performance_analyzerpython-certifi
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2022-2255
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.69% / 48.26%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 17:26
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.

Action-Not Available
Vendor-modwsgin/aDebian GNU/Linux
Product-debian_linuxmod_wsgimod_wsgi
CWE ID-CWE-348
Use of Less Trusted Source
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2017-12972
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.89% / 54.91%
||
7 Day CHG~0.00%
Published-20 Aug, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.

Action-Not Available
Vendor-connect2idn/a
Product-nimbus_jose\+jwtn/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-42575
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.16% / 5.46%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 19:26
Updated-13 May, 2026 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible)

apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against the checksum recorded in the signed index. The checksum is parsed and available via ChecksumString(), and the downloaded package control hash is computed, but the two values are never compared in getPackageImpl(). Mismatched packages are silently accepted. An attacker who can substitute download responses (compromised mirror, HTTP repository, poisoned CDN cache) can install arbitrary packages into built images. This issue has been patched in version 1.2.7.

Action-Not Available
Vendor-chainguard-dev
Product-apko
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2021-46559
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 35.02%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 01:11
Updated-04 Aug, 2024 | 05:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-tn-5900_firmwaretn-5900n/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-41577
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.17% / 6.60%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 17:12
Updated-04 Jun, 2026 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
authentik: SAML source does not validate Conditions, timing, or audience on assertions

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor (ResponseProcessor.parse()) does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expired assertions and acceptance of assertions intended for other service providers. This issue has been patched in versions 2025.12.5 and 2026.2.3.

Action-Not Available
Vendor-goauthentikgoauthentik
Product-authentikauthentik
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-37920
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 37.18%
||
7 Day CHG-0.00%
Published-25 Jul, 2023 | 20:45
Updated-05 Mar, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certifi's removal of e-Tugra root certificate

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.

Action-Not Available
Vendor-certificertifiFedora ProjectNetApp, Inc.
Product-fedoraactive_iq_unified_managerontap_mediatormanagement_services_for_element_softwareontap_select_deploy_administration_utilitymanagement_services_for_netapp_hcicertifisolidfire_\&_hci_storage_nodepython-certifi
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-35042
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 5.06%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 17:02
Updated-10 Apr, 2026 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fast-jwt accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.

Action-Not Available
Vendor-nearformnearform
Product-fast-jwtfast-jwt
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-636
Not Failing Securely ('Failing Open')
CVE-2026-32597
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 18.47%
||
7 Day CHG+0.07%
Published-12 Mar, 2026 | 21:41
Updated-01 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.

Action-Not Available
Vendor-pyjwt_projectjpadillaRed Hat, Inc.
Product-pyjwtpyjwtRed Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)Red Hat Enterprise Linux High Availability EUS (v.9.4)Red Hat Enterprise Linux AppStream (v. 10)Red Hat AI Inference Server 3.3Red Hat Enterprise Linux AI 3.3Red Hat Satellite 6.18Red Hat Quay 3.16Red Hat Ansible Automation Platform 2.5Red Hat Satellite 6Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Quay 3.10Red Hat OpenShift AI (RHOAI)Red Hat Quay 3.15Red Hat Enterprise Linux HighAvailability (v. 8)Red Hat AI Inference ServerRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Enterprise Linux AppStream (v. 8)Red Hat OpenShift AI 3.3Red Hat Quay 3.9Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Ansible Automation Platform 2.6Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux ResilientStorage (v. 8)Red Hat Trusted Artifact SignerRed Hat Ansible Automation Platform 2Red Hat Enterprise Linux High Availability E4S (v.9.2)Red Hat Quay 3.12OpenShift LightspeedRed Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat OpenShift AI 2.25Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-33143
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.18% / 8.00%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 20:05
Updated-24 Mar, 2026 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OneUptime: WhatsApp Webhook Missing Signature Verification

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler (/notification/whatsapp/webhook) processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any unauthenticated attacker to send forged webhook payloads that manipulate notification delivery status records, suppress alerts, and corrupt audit trails. The codebase already implements proper signature verification for Slack webhooks. This issue has been patched in version 10.0.34.

Action-Not Available
Vendor-hackerbayOneUptime
Product-oneuptimeoneuptime
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2025-15154
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.21% / 11.91%
||
7 Day CHG~0.00%
Published-28 Dec, 2025 | 21:02
Updated-24 Feb, 2026 | 06:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PbootCMS Header handle.php get_user_ip less trusted source

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-pbootcmsn/a
Product-pbootcmsPbootCMS
CWE ID-CWE-348
Use of Less Trusted Source
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2025-15598
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.18% / 8.16%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 09:32
Updated-05 Mar, 2026 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dataease SQLBot JWT Token auth.py validateEmbedded signature verification

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.

Action-Not Available
Vendor-FIT2CLOUD Inc.DataEase (FIT2CLOUD Inc.)
Product-sqlbotSQLBot
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2014-0364
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-6.24% / 92.69%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.

Action-Not Available
Vendor-igniterealtimen/a
Product-smackn/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-58593
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.19% / 8.42%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 19:27
Updated-02 Jul, 2026 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NodeBB - ActivityPub Author Spoofing via Unvalidated attributedTo Mapped to Local User

NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedTo is used directly as a uid, and actors.assert silently ignores numeric identifiers (filtering them out without re-deriving the uid), so a federated remote actor can set attributedTo to a bare numeric value such as 1 and have the resulting post or private message created with that local uid as author, including the administrator account. This lets a remote attacker forge posts and direct messages attributed to arbitrary local users. Requires the ActivityPub/federation feature to be enabled.

Action-Not Available
Vendor-nodebbNodeBB
Product-nodebbNodeBB
CWE ID-CWE-290
Authentication Bypass by Spoofing
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-23941
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.30% / 21.47%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 20:26
Updated-10 Mar, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SwagPayPal payment not sent to PayPal correctly

SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has been fixed with version 5.4.4. As a workaround, disable the aforementioned payment methods or use the Security Plugin in version >= 1.0.21.

Action-Not Available
Vendor-shopwareshopware
Product-swagpaypalSwagPayPal
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2016-1731
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.92% / 56.06%
||
7 Day CHG~0.00%
Published-14 Mar, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream.

Action-Not Available
Vendor-n/aApple Inc.
Product-software_updaten/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-28454
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.2||HIGH
EPSS-0.26% / 16.80%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 21:59
Updated-09 Mar, 2026 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.2.2 - Authorization Bypass via Unauthenticated Telegram Webhook

OpenClaw versions prior to 2026.2.2 fail to validate webhook secrets in Telegram webhook mode (must be enabled), allowing unauthenticated HTTP POST requests to the webhook endpoint that trust attacker-controlled JSON payloads. Remote attackers can forge Telegram updates by spoofing message.from.id and chat.id fields to bypass sender allowlists and execute privileged bot commands.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2021-4031
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.5||HIGH
EPSS-0.46% / 36.46%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 17:59
Updated-16 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Syltek Insufficient Verification of Data Authenticity

Syltek application before its 10.22.00 version, does not correctly check that a product ID has a valid payment associated to it. This could allow an attacker to forge a request and bypass the payment system by marking items as payed without any verification.

Action-Not Available
Vendor-syltekSyltek
Product-syltekSyltek
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-25474
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.20% / 9.95%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 02:38
Updated-19 Feb, 2026 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass

OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram webhook mode, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In deployments where the webhook endpoint is reachable by an attacker, this can allow forged Telegram updates (for example spoofing message.from.id). If an attacker can reach the webhook endpoint, they may be able to send forged updates that are processed as if they came from Telegram. Depending on enabled commands/tools and configuration, this could lead to unintended bot actions. Note: Telegram webhook mode is not enabled by default. It is enabled only when `channels.telegram.webhookUrl` is configured. This issue has been fixed in version 2026.2.1.

Action-Not Available
Vendor-OpenClaw
Product-openclawopenclaw
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-23656
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.30% / 21.41%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 17:05
Updated-19 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows App Installer Spoofing Vulnerability

Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_appWindows App Client for Windows Desktop
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-2428
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.14% / 3.64%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 03:23
Updated-08 Apr, 2026 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Payment Status modification

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.1.17. This is due to the PayPal IPN (Instant Payment Notification) verification being disabled by default (`disable_ipn_verification` defaults to `'yes'` in `PayPalSettings.php`). This makes it possible for unauthenticated attackers to send forged PayPal IPN notifications to the publicly accessible IPN endpoint, marking unpaid form submissions as "paid" and triggering post-payment automation (emails, access grants, digital product delivery).

Action-Not Available
Vendor-techjewel
Product-Fluent Forms Pro Add On Pack
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2022-46370
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.3||HIGH
EPSS-0.22% / 13.04%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-08 Apr, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rumpus - FTP server Improper Token Verification

Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity verification.

Action-Not Available
Vendor-maxumRumpus
Product-rumpusFTP server
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2022-36360
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.25% / 16.30%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker to manipulate a firmware update and flash it to the device.

Action-Not Available
Vendor-Siemens AG
Product-logo\!8_bm_fs-05logo\!8_bm_fs-05_firmwarelogo\!_8_bm_firmwarelogo\!8_bmLOGO! 8 BM (incl. SIPLUS variants)
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2021-22947
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.9||MEDIUM
EPSS-2.80% / 84.72%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 00:00
Updated-16 Apr, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.

Action-Not Available
Vendor-n/aOracle CorporationApple Inc.Debian GNU/LinuxSplunk LLC (Cisco Systems, Inc.)NetApp, Inc.Fedora ProjectSiemens AGCURL
Product-h300ecurlh410s_firmwareh500scommunications_cloud_native_core_security_edge_protection_proxycommunications_cloud_native_core_consoledebian_linuxpeoplesoft_enterprise_peopletoolsuniversal_forwarderh300s_firmwaremysql_serverh700e_firmwaremacosh410sh500s_firmwarecommunications_cloud_native_core_service_communication_proxyh700s_firmwareh300e_firmwareh500eclustered_data_ontaph700eh700scommunications_cloud_native_core_binding_support_functioncommunications_cloud_native_core_network_repository_functionh300sh500e_firmwaresolidfire_baseboard_management_controller_firmwarecommerce_guided_searchcommunications_cloud_native_core_network_slice_selection_functionsinec_infrastructure_network_servicescommunications_cloud_native_core_network_function_cloud_native_environmentcloud_backupfedorasolidfire_baseboard_management_controllerhttps://github.com/curl/curl
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2024-47867
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.1||LOW
EPSS-0.21% / 10.92%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 22:19
Updated-15 Nov, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lack of integrity check on the downloaded FRP client in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the Gradio server does not verify the file's checksum or signature. Any users utilizing the Gradio server's sharing mechanism that downloads the FRP client could be affected by this vulnerability, especially those relying on the executable binary for secure data tunneling. There is no direct workaround for this issue without upgrading. However, users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn't been tampered with.

Action-Not Available
Vendor-gradio_projectgradio-app
Product-gradiogradio
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2024-45410
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.51% / 71.39%
||
7 Day CHG+0.01%
Published-19 Sep, 2024 | 22:51
Updated-25 Sep, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTP client can remove the X-Forwarded headers in Traefik

Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior, that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been addressed in release versions 2.11.9 and 3.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-traefiktraefiktraefik
Product-traefiktraefiktraefik
CWE ID-CWE-348
Use of Less Trusted Source
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2025-59420
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 15.51%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 17:28
Updated-03 Nov, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed‑language fleets, this enables split‑brain verification and can lead to policy bypass, replay, or privilege escalation. This issue has been patched in version 1.6.4.

Action-Not Available
Vendor-authlibauthlib
Product-authlibauthlib
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-39689
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.05% / 60.06%
||
7 Day CHG~0.00%
Published-05 Jul, 2024 | 18:39
Updated-15 Feb, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certifi removes GLOBALTRUST root certificate

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."

Action-Not Available
Vendor-certificertifiNetApp, Inc.
Product-ontap_toolscertifiontap_select_deploy_administration_utilitymanagement_services_for_element_software_and_netapp_hcipython-certifi
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2022-28370
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 24.14%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 12:29
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh has no cryptographic validation of the image, thus allowing an attacker to modify the installed firmware.

Action-Not Available
Vendor-n/aVerizon Communications, Inc
Product-lvskihp_outdoorunitlvskihp_outdoorunit_firmwaren/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2020-10831
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.23% / 13.47%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 17:05
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can trigger an update to arbitrary touch-screen firmware. The Samsung ID is SVE-2019-16013 (March 2020).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2020-25019
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.02% / 59.26%
||
7 Day CHG~0.00%
Published-29 Aug, 2020 | 16:07
Updated-17 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.

Action-Not Available
Vendor-jitsin/a
Product-meet_electronn/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2020-15262
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.7||LOW
EPSS-0.52% / 40.16%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 20:10
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invalid integrity hashes in webpack-subresource-integrity

In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected. This issue is patched in version 1.5.1.

Action-Not Available
Vendor-webpack-subresource-integrity_projectwaysact
Product-webpack-subresource-integritywebpack-subresource-integrity
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2022-3347
Matching Score-4
Assigner-Go Project
ShareView Details
Matching Score-4
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.24% / 15.29%
||
7 Day CHG~0.00%
Published-27 Dec, 2022 | 21:17
Updated-14 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect validation of root DNSSEC public keys in github.com/peterzen/goresolver

DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain.

Action-Not Available
Vendor-go-resolver_projectgithub.com/peterzen/goresolver
Product-go-resolvergithub.com/peterzen/goresolver
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2020-13265
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.73% / 49.58%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 21:42
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2019-3979
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-0.92% / 55.81%
||
7 Day CHG~0.00%
Published-28 Oct, 2019 | 21:33
Updated-04 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosMikroTik RouterOS
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2019-12620
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.65% / 46.64%
||
7 Day CHG~0.00%
Published-18 Sep, 2019 | 16:15
Updated-19 Nov, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco HyperFlex Software Counter Value Injection Vulnerability

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-hyperflex_hx240c_af_m5hyperflex_hx240c_m5hyperflex_hx220c_m5hyperflex_hx240c_m5_firmwarehyperflex_hx220c_edge_m5hyperflex_hx220c_m5_firmwarehyperflex_hx220c_af_m5_firmwarehyperflex_hx240c_af_m5_firmwarehyperflex_hx220c_edge_m5_firmwarehyperflex_hx220c_af_m5Cisco HyperFlex HX-Series
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
  • Previous
  • 1
  • 2
  • Next
Details not found