Lucene search
K

1193 matches found

Vulnrichment
Vulnrichment
added 2026/04/24 12:6 a.m.3 views

CVE-2026-25775 SenseLive X3050 Missing authentication for critical function

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded...

9.8CVSS5.5AI score0.00405EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.8 views

SenseLive X3050 访问控制错误漏洞

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a access control vulnerability. This vulnerability stems from the remote management service, which allows unauthorized or unauthorized users to...

9.8CVSS5.8AI score0.00405EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/22 12:26 p.m.2 views

Insufficient Verification of Data Authenticity

Overview org.springframework.security:spring-security-oauth2-jose is a provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the withIssuerLocation component. An attacker can bypass intended...

6.5CVSS5.5AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/16 10:48 p.m.9 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the decidedByUserId field in approval-related endpoints. An attacker can forge decision attribution by supplying an arbitrary user identifier in the request body, causing the system to...

5.3CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/04/16 10:48 p.m.17 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the decidedByUserId field in approval-related endpoints. An attacker can forge decision attribution by supplying an arbitrary user identifier in the request body, causing the system to...

5.3CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:37 p.m.5 views

Insufficient Verification of Data Authenticity

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the fetchWithSsrFGuard function. An attacker can cause unsafe request bodies or headers to be resent across cross-origin redirects by...

7.4CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/08 12:8 a.m.4 views

Insufficient Verification of Data Authenticity

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity through the ipn.php process. An attacker can repeatedly increase their wallet balance and renew subscriptions by...

7.1CVSS5.8AI score0.0017EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/07 10:42 p.m.7 views

WordPress Charitable plugin <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook vulnerability

Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook vulnerability discovered by Andrés Cruciani in WordPress Plugin Charitable versions = 1.8.9.7...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/07 9:31 a.m.3 views

EUVD-2026-19584

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/07 7:40 a.m.4 views

CVE-2026-3177 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 7:40 a.m.14 views

CVE-2026-3177

The CVE-2026-3177 entry describes a vulnerability in the Charitable – Donation Plugin for WordPress (Fundraising with Recurring Donations & More) for WordPress, affecting versions up to and including 1.8.9.7. The root cause is insufficient verification of data authenticity for incoming Stripe web...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:40 a.m.2 views

CVE-2026-3177

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/07 7:40 a.m.25 views

CVE-2026-3177 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS0.00166EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.15 views

PT-2026-30800

Name of the Vulnerable Software and Affected Versions The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More versions through 1.8.9.7 Description The Charitable – Donation Plugin for WordPress is affected by a flaw due to missing cryptographic verification of...

5.3CVSS5.8AI score0.00166EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/04 6:26 a.m.4 views

Insufficient Verification of Data Authenticity

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the OAuth flow, where the PKCE verifier is reused as the OAuth state value and reflected back in the redirect URL. An attacker can obtai...

8CVSS5.9AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 2:44 a.m.3 views

Insufficient Verification of Data Authenticity

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the webContents.executeJavaScript function. An attacker can manipulate t...

6.5CVSS5.9AI score0.00123EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/03 2:44 a.m.2 views

Insufficient Verification of Data Authenticity

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the webContents.executeJavaScript function. An attacker...

6.5CVSS5.9AI score0.00123EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.4 views

CVE-2025-52645

HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour...

5.3CVSS5.8AI score0.00084EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-23656

Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network...

5.9CVSS5.8AI score0.00297EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32290

The GL-iNet Comet GL-RM1 KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification...

7CVSS6AI score0.0016EPSS
Exploits0References1
Rows per page
Query Builder