CWE-353
Missing Support for Integrity Check
Description
The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-13 · CAPEC-14 · CAPEC-389 · CAPEC-39 · CAPEC-665 · CAPEC-74 · CAPEC-75
CVEs mapped to this weakness (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45787 | Cri | 0.52 | 9.1 | 0.00 | May 28, 2026 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can… | ||
| CVE-2024-27817 | Hig | 0.51 | 7.8 | 0.00 | Jun 10, 2024 | The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. An app may be able to execute arbitrary code with kernel… | ||
| CVE-2025-15364 | Hig | 0.40 | 7.3 | 0.00 | Jan 6, 2026 | The Download Manager plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.40. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it… | ||
| CVE-2026-42428 | Hig | 0.39 | 7.1 | 0.00 | Apr 28, 2026 | OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment. | ||
| CVE-2026-33261 | Med | 0.38 | 5.9 | 0.00 | Apr 22, 2026 | A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service. | ||
| CVE-2026-31839 | 0.00 | — | 0.00 | Mar 11, 2026 | Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content,… | |||
| CVE-2023-29290 | 0.00 | — | 0.01 | Jun 15, 2023 | Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality.… |
- risk 0.52cvss 9.1epss 0.00
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can…
- risk 0.51cvss 7.8epss 0.00
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. An app may be able to execute arbitrary code with kernel…
- risk 0.40cvss 7.3epss 0.00
The Download Manager plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.40. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it…
- risk 0.39cvss 7.1epss 0.00
OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment.
- risk 0.38cvss 5.9epss 0.00
A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.
- CVE-2026-31839Mar 11, 2026risk 0.00cvss —epss 0.00
Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content,…
- CVE-2023-29290Jun 15, 2023risk 0.00cvss —epss 0.01
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality.…