CVE-2026-44087 Apache APISIX: Openid-connect plugin Identity Header Spoofing

Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default configuration has an attack surface that allows the attacker to spoof identity headers allowing the attacker to get unauthorized access the protected resources. This issue affect...

EUVD-2026-38017

Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default configuration has an attack surface that allows the attacker to spoof identity headers allowing the attacker to get unauthorized access the protected resources. This issue affect...

PT-2026-50884

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.3 through 3.16.0 Description The openid-connect plugin under default configuration contains an issue where insufficient verification of data authenticity allows an attacker to spoof identity headers. This can lead to...

Insufficient Verification of Data Authenticity

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the Body Limit Middleware. An attacker can cause the application to process payloads larger than the configured maximum by understating t...

CVE-2026-53406

Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

EUVD-2026-36521

Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

CVE-2026-53406

Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

CVE-2026-53406

CVE-2026-53406 affects the Zoom Contact Center for Windows prior to version 7.0.0. The root cause is Insufficient Verification of Data Authenticity in the Remote Control feature, which may allow an authenticated user to perform a local privilege escalation. Impact, per the entry, is elevated priv...

CVE-2026-53406

Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in . If SharedIteratorCache and ListObjectsIteratorCache are enabled, a user can influence authorization decisions by sending malicious requests that trigger cache key collisions, causing t...

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to missing validation of the origin of CNAME records in DNS responses within the DnsResolveContext function. An attacker can inject unauthorized DNS records by supplying malicious DNS...

CVE-2026-10803

A flaw was found in MLflow. This vulnerability stems from the use of a weak hash algorithm within the Dataset Digest Computation component. A local attacker could potentially exploit this weakness, which may impact the integrity or authenticity of data. Exploitation is considered difficult due to...

CVE-2026-7792 WPForms <= 1.10.0.4 - Unauthenticated Insufficient Verification of Data Authenticity via PayPal Commerce Webhook Endpoint

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to and including 1.10.0.1. This is due to the PayPal Commerce webhook endpoint processing unauthenticat...

CVE-2026-7792

Technical details about CVE-2026-7792 are not publicly available in the provided documents. Monitor for updates.

PT-2026-47131

Name of the Vulnerable Software and Affected Versions WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More versions prior to 1.10.0.2 Description The plugin is subject to insufficient verification of data authenticity. The PayPal Commerce webhook endpoint...

CVE-2026-8608 Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

CVE-2026-25602

Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...

CVE-2026-21023

Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application...

WordPress WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin <= 1.10.0.4 - Unauthenticated Insufficient Verification of Data Authenticity vulnerability

Unauthenticated Insufficient Verification of Data Authenticity vulnerability discovered by Valatty in WordPress Plugin Contact Form by WPForms versions = 1.10.0.4...

WordPress Event Monster – Event Manager, Ticket Booking & Registration plugin <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass vulnerability

Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass vulnerability discovered by NAKLEH ZEIDAN in WordPress Plugin Event Management Tickets Booking versions = 2.1.0...