CWE-346
Origin Validation Error
ClassDraft
Description
The product does not properly verify that the source of data or communication is valid.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-141 · CAPEC-142 · CAPEC-160 · CAPEC-21 · CAPEC-384 · CAPEC-385 · CAPEC-386 · CAPEC-387 · CAPEC-388 · CAPEC-510 · CAPEC-59 · CAPEC-60 · CAPEC-75 · CAPEC-76 · CAPEC-89
CVEs mapped to this weakness (99)
page 5 of 5| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-20364 | Med | 0.28 | 4.3 | 0.00 | Sep 24, 2025 | A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point (AP) Software could allow an unauthenticated, adjacent attacker to inject wireless 802.11 action frames with arbitrary information. This vulnerability is due to insufficient verification checks of incoming 802.11 action frames. An attacker could exploit this vulnerability by sending 802.11 Device Analytics action frames with arbitrary parameters. A successful exploit could allow the attacker to inject Device Analytics action frames with arbitrary information, which could modify the Device Analytics data of valid wireless clients that are connected to the same wireless controller. | |
| CVE-2025-5263 | Med | 0.28 | 4.3 | 0.00 | May 27, 2025 | Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11. | |
| CVE-2024-45354 | Med | 0.28 | 4.3 | 0.00 | Mar 27, 2025 | A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code. | |
| CVE-2024-45353 | Med | 0.28 | 4.3 | 0.00 | Mar 27, 2025 | An intent redriction vulnerability exists in the Xiaomi quick App framework application product. The vulnerability is caused by improper input validation and can be exploited by attackers tointent redriction. | |
| CVE-2024-45495 | Med | 0.28 | 4.3 | 0.00 | Nov 29, 2024 | MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking. | |
| CVE-2025-1787 | Med | 0.27 | 4.2 | 0.00 | Feb 24, 2026 | Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation. | |
| CVE-2026-41393 | Med | 0.24 | 4.8 | 0.00 | Apr 28, 2026 | OpenClaw before 2026.3.31 contains a wide-area discovery vulnerability allowing arbitrary tailnet peers to be accepted as DNS authorities. Attackers with same-tailnet position and CA-trusted endpoint access can exfiltrate operator credentials through DNS steering manipulation. | |
| CVE-2026-37977 | Low | 0.24 | 3.7 | 0.00 | Apr 6, 2026 | A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token endpoint. This flaw occurs because the `azp` claim from a client-supplied JSON Web Token (JWT) is used to set the `Access-Control-Allow-Origin` header before the JWT signature is validated. When a specially crafted JWT with an attacker-controlled `azp` value is processed, this value is reflected as the CORS origin, even if the grant is later rejected. This can lead to the exposure of low-sensitivity information from authorization server error responses, weakening origin isolation, but only when a target client is misconfigured with `webOrigins: ["*"]`. | |
| CVE-2025-5320 | Low | 0.24 | 3.7 | 0.00 | May 29, 2025 | A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to erweiterte Rechte. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2026-41398 | Med | 0.23 | 4.6 | 0.00 | Apr 28, 2026 | OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-network pages as trusted origins. Attackers can inject unauthorized agent.request runs by loading attacker-controlled pages from local-network or tailnet hosts, polluting session state and consuming budget. | |
| CVE-2026-2345 | Low | 0.23 | 3.6 | 0.00 | Feb 11, 2026 | Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on the presence of a fromWebsite property without verifying the event.origin attribute. | |
| CVE-2009-1185 | 0.10 | — | 0.90 | Apr 17, 2009 | udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. | ||
| CVE-2014-1502 | 0.00 | — | 0.00 | Mar 19, 2014 | The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors. | ||
| CVE-2012-4193 | 0.00 | — | 0.01 | Oct 12, 2012 | Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. | ||
| CVE-2011-3072 | 0.00 | — | 0.00 | Apr 5, 2012 | Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows. | ||
| CVE-2011-3067 | 0.00 | — | 0.01 | Apr 5, 2012 | Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements. | ||
| CVE-2011-3056 | 0.00 | — | 0.01 | Mar 22, 2012 | Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe." | ||
| CVE-2011-3956 | 0.00 | — | 0.00 | Feb 9, 2012 | The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension. | ||
| CVE-2011-2856 | 0.00 | — | 0.00 | Sep 19, 2011 | Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. |