VYPR

CWE-346

Origin Validation Error

Class · Draft

Description

The product does not properly verify that the source of data or communication is valid.

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-141 · CAPEC-142 · CAPEC-160 · CAPEC-21 · CAPEC-384 · CAPEC-385 · CAPEC-386 · CAPEC-387 · CAPEC-388 · CAPEC-510 · CAPEC-59 · CAPEC-60 · CAPEC-75 · CAPEC-76 · CAPEC-89

CVEs mapped to this weakness (296)

page 3 of 15
  • CVE-2026-45206 · High · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism. Please note: an attacker must…

  • CVE-2026-34930 · High · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism. Please note: an attacker must first obtain the…

  • CVE-2026-34929 · High · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism. Please note: an attacker must first…

  • CVE-2026-34928 · High · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism. Please note: an attacker must first obtain…

  • CVE-2026-34927 · High · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2025-71217 · High · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on…

  • CVE-2025-71214 · High · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2025-71213 · High · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2026-20893 · High · Jan 7, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows system where the affected product is installed may execute arbitrary code with…

  • CVE-2018-6764 · High · Feb 23, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

  • CVE-1999-1549 · High · Nov 16, 1999
    risk 0.51 · cvss 7.8 · epss 0.01

    Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands.

  • CVE-2026-42559 · High · May 14, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport (crates/rmcp/src/transport/streamable_http_server/) did not validate the incoming Host header. This allowed a malicious public website, via a…

  • CVE-2026-35408 · High · Apr 6, 2026
    risk 0.50 · cvss 8.7 · epss 0.00

    Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On (SSO) login pages lacked a Cross-Origin-Opener-Policy (COOP) HTTP response header. Without this header, a malicious cross-origin window that opens the…

  • CVE-2026-34373 · High · Mar 31, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.66 and 9.7.0-alpha.10, the GraphQL API endpoint does not respect the allowOrigin server option and unconditionally allows cross-origin requests from any…

  • CVE-2001-1452 · High · Aug 31, 2001
    risk 0.50 · cvss 7.5 · epss 0.09

    By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.

  • CVE-2026-6903 · High · Apr 23, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system…

  • CVE-2024-44734 · High · Oct 11, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server.

  • CVE-2024-2377 · High · Apr 30, 2024
    risk 0.49 · cvss 7.6 · epss 0.00

    A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information.

  • CVE-2018-14903 · High · Aug 30, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer.

  • CVE-2018-5157 · High · Jun 11, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects…