CWE-346
Origin Validation Error
Description
The product does not properly verify that the source of data or communication is valid.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-141 · CAPEC-142 · CAPEC-160 · CAPEC-21 · CAPEC-384 · CAPEC-385 · CAPEC-386 · CAPEC-387 · CAPEC-388 · CAPEC-510 · CAPEC-59 · CAPEC-60 · CAPEC-75 · CAPEC-76 · CAPEC-89
CVEs mapped to this weakness (296)
page 5 of 15| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-14279 | Hig | 0.46 | 8.1 | 0.00 | Jan 12, 2026 | MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against… | ||
| CVE-2025-59845 | Hig | 0.46 | 8.2 | 0.00 | Sep 26, 2025 | Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability… | ||
| CVE-2024-2419 | Hig | 0.46 | 7.1 | 0.01 | Apr 17, 2024 | A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to… | ||
| CVE-2018-6690 | Hig | 0.46 | 7.1 | 0.00 | Sep 18, 2018 | Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system. | ||
| CVE-2017-0902 | Hig | 0.46 | 8.1 | 0.05 | Aug 31, 2017 | RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. | ||
| CVE-2026-54007 | hig | 0.45 | — | 0.00 | Jun 17, 2026 | ### Summary The chat message listener allows non-same-origin `input:prompt` and `action:submit` messages, so an external site can set prompt text and trigger `submitPrompt()` in an authenticated victim session. I validated this with a cross-origin attacker page that auto-posted… | ||
| CVE-2025-23117 | Med | 0.44 | 6.8 | 0.00 | Mar 1, 2025 | An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system. | ||
| CVE-2009-4139 | Med | 0.44 | 6.8 | 0.01 | Jul 27, 2011 | A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to hijack the authentication of arbitrary users. This can lead to unauthorized actions, including disabling user accounts, adding new user accounts, or… | ||
| CVE-2026-6734 | — | imp | 0.42 | 7.5 | 0.00 | Jun 17, 2026 | undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing | |
| CVE-2026-12024 | Med | 0.42 | 6.5 | 0.00 | Jun 11, 2026 | Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-42558 | Hig | 0.42 | 7.6 | 0.00 | Jun 10, 2026 | Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the… | ||
| CVE-2026-37737 | Med | 0.42 | 6.5 | 0.00 | Jun 5, 2026 | sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted… | ||
| CVE-2026-11278 | Med | 0.42 | 6.5 | 0.00 | Jun 5, 2026 | Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11226 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Insufficient policy enforcement in PreviewTab in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11217 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Inappropriate implementation in Fenced Frames in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11214 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-11200 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-11195 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-11194 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Inappropriate implementation in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-11176 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
- risk 0.46cvss 8.1epss 0.00
MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against…
- risk 0.46cvss 8.2epss 0.00
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability…
- risk 0.46cvss 7.1epss 0.01
A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to…
- risk 0.46cvss 7.1epss 0.00
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
- risk 0.46cvss 8.1epss 0.05
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
- risk 0.45cvss —epss 0.00
### Summary The chat message listener allows non-same-origin `input:prompt` and `action:submit` messages, so an external site can set prompt text and trigger `submitPrompt()` in an authenticated victim session. I validated this with a cross-origin attacker page that auto-posted…
- risk 0.44cvss 6.8epss 0.00
An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system.
- risk 0.44cvss 6.8epss 0.01
A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to hijack the authentication of arbitrary users. This can lead to unauthorized actions, including disabling user accounts, adding new user accounts, or…
- risk 0.42cvss 7.5epss 0.00
undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing
- risk 0.42cvss 6.5epss 0.00
Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
- risk 0.42cvss 7.6epss 0.00
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the…
- risk 0.42cvss 6.5epss 0.00
sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted…
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Insufficient policy enforcement in PreviewTab in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in Fenced Frames in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)