1193 matches found
CVE-2026-25775 SenseLive X3050 Missing authentication for critical function
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded...
SenseLive X3050 访问控制错误漏洞
The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a access control vulnerability. This vulnerability stems from the remote management service, which allows unauthorized or unauthorized users to...
Insufficient Verification of Data Authenticity
Overview org.springframework.security:spring-security-oauth2-jose is a provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the withIssuerLocation component. An attacker can bypass intended...
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the decidedByUserId field in approval-related endpoints. An attacker can forge decision attribution by supplying an arbitrary user identifier in the request body, causing the system to...
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the decidedByUserId field in approval-related endpoints. An attacker can forge decision attribution by supplying an arbitrary user identifier in the request body, causing the system to...
Insufficient Verification of Data Authenticity
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the fetchWithSsrFGuard function. An attacker can cause unsafe request bodies or headers to be resent across cross-origin redirects by...
Insufficient Verification of Data Authenticity
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity through the ipn.php process. An attacker can repeatedly increase their wallet balance and renew subscriptions by...
WordPress Charitable plugin <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook vulnerability
Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook vulnerability discovered by Andrés Cruciani in WordPress Plugin Charitable versions = 1.8.9.7...
EUVD-2026-19584
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...
CVE-2026-3177 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...
CVE-2026-3177
The CVE-2026-3177 entry describes a vulnerability in the Charitable – Donation Plugin for WordPress (Fundraising with Recurring Donations & More) for WordPress, affecting versions up to and including 1.8.9.7. The root cause is insufficient verification of data authenticity for incoming Stripe web...
CVE-2026-3177
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...
CVE-2026-3177 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...
PT-2026-30800
Name of the Vulnerable Software and Affected Versions The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More versions through 1.8.9.7 Description The Charitable – Donation Plugin for WordPress is affected by a flaw due to missing cryptographic verification of...
Insufficient Verification of Data Authenticity
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the OAuth flow, where the PKCE verifier is reused as the OAuth state value and reflected back in the redirect URL. An attacker can obtai...
Insufficient Verification of Data Authenticity
Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the webContents.executeJavaScript function. An attacker can manipulate t...
Insufficient Verification of Data Authenticity
Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the webContents.executeJavaScript function. An attacker...
CVE-2025-52645
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour...
CVE-2026-23656
Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-32290
The GL-iNet Comet GL-RM1 KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification...