VYPR

CWE-940

Improper Verification of Source of a Communication Channel

Base · Incomplete

Description

The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.

When an attacker can successfully establish a communication channel from an untrusted origin, the attacker may be able to gain privileges and access unexpected functionality.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-500 · CAPEC-594 · CAPEC-595 · CAPEC-596

CVEs mapped to this weakness (31)

page 1 of 2
  • CVE-2024-40516 · High · Jul 16, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality.

  • CVE-2025-59159 · Critical · Oct 6, 2025
    risk 0.55 · cvss 9.6 · epss 0.00

    SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.13.4, the web user interface for SillyTavern is susceptible to DNS…

  • CVE-2025-23222 · High · Jan 24, 2025
    risk 0.55 · cvss 8.4 · epss 0.00

    An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the…

  • CVE-2026-40434 · High · Apr 17, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic.

  • CVE-2026-33875 · Critical · Mar 27, 2026
    risk 0.53 · cvss 9.3 · epss 0.00

    Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep…

  • CVE-2026-35643 · High · Apr 10, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application context.

  • CVE-2026-44894 · High · Jun 12, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken() returns false (server will not send Retry — acceptable),…

  • CVE-2019-25613 · High · Mar 22, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an…

  • CVE-2025-40820 · High · Dec 9, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The…

  • CVE-2025-9999 · High · Sep 5, 2025
    risk 0.49 · cvss · epss 0.00

    Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized commands in the application.

  • CVE-2026-44698 · High · May 29, 2026
    risk 0.47 · cvss 8.3 · epss 0.00

    Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, the Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app WebView window.externalApp on…

  • CVE-2026-45353 · High · May 28, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, this vulnerability is fixed in 3.9.0.

  • CVE-2023-7004 · Medium · Mar 15, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate lock's integrity.

  • CVE-2026-45245 · High · May 18, 2026
    risk 0.41 · cvss 7.4 · epss 0.00

    Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying…

  • CVE-2025-25305 · High · Feb 18, 2025
    risk 0.39 · cvss 7.0 · epss 0.00

    Home Assistant Core is an open source home automation that puts local control and privacy first. Affected versions are subject to potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and used third-party libraries. In the…

  • CVE-2026-55660 · High · Jun 19, 2026
    risk 0.38 · cvss · epss

    TinaCMS registers window message listeners — the useTina overlay handler, the OAuth authentication popup handler, and the admin↔preview iframe GraphQL reducer — that act on event.data without verifying event.origin or event.source, and post messages using non-specific…

  • CVE-2024-7322 · Medium · Jan 15, 2025
    risk 0.38 · cvss 5.8 · epss 0.00

    A ZigBee coordinator, router, or end device may change its node ID when an unsolicited encrypted rejoin response is received; this change in node ID causes a denial of service (DoS). To recover from this DoS, the network must be re-established.

  • CVE-2016-0763 · Medium · Feb 25, 2016
    risk 0.35 · cvss 6.3 · epss 0.11

    The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote…

  • CVE-2025-43280 · Medium · Oct 15, 2025
    risk 0.31 · cvss 4.7 · epss 0.00

    The issue was resolved by not loading remote images. This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode.

  • CVE-2017-5591 · Medium · Feb 9, 2017
    risk 0.31 · cvss 5.9 · epss 0.01

    An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for…