CWE-345
All CWE-345 CVEs (119)
Thunderbird email client displays incorrect sender addresses when emails use invalid group name syntax in the From field. This allows attackers to spo...
Feb 4, 2025

An off-path attacker can disrupt QUIC connections by injecting forged ICMP Packet Too Large packets, forcing the connection to use smaller MTU sizes t...
Dec 2, 2024

OpenProject versions 17.0.0-17.0.1 contain a server-side request forgery (SSRF) vulnerability in the collaborative document editor. Attackers can craf...
Jan 28, 2026

This vulnerability allows attackers on the same network as affected EV chargers to bypass password authentication on the web configuration interface b...
Jun 6, 2024

This vulnerability allows an authorized attacker with local access to bypass security features in Windows Virtualization-Based Security (VBS) Enclave ...
Apr 8, 2025

This vulnerability in Booth cluster ticket manager allows an attacker to bypass HMAC validation by providing a specially-crafted hash to gcry_md_get_a...
Jun 6, 2024

Cosign versions prior to 2.6.2 and 3.0.4 have a vulnerability where crafted bundles can bypass verification checks, allowing malicious actors with com...
Jan 10, 2026

This vulnerability allows unauthenticated attackers to manipulate email routing and redirection in the The Plus Addons for Elementor WordPress plugin....
Feb 22, 2026

This vulnerability allows unauthenticated attackers to bypass paid registration in the RegistrationMagic WordPress plugin by manipulating PayPal payme...
Feb 18, 2026

The Rede Itaú for WooCommerce WordPress plugin has a vulnerability that allows unauthenticated attackers to manipulate WooCommerce order statuses. At...
Jan 16, 2026

The Subscriptions & Memberships for PayPal WordPress plugin fails to properly verify PayPal IPN requests, allowing unauthenticated attackers to create...
Nov 22, 2025

This CVE describes an origin validation vulnerability in Chatwoot's widget SDK that allows attackers to bypass security controls by manipulating the b...
Oct 27, 2025

CVE-2022-33861 is an insufficient data verification vulnerability in Eaton's IPP software that allows attackers to send invalid data that the system w...
Nov 25, 2024

This vulnerability in MineAdmin's JWT token refresh function allows attackers to bypass authentication by manipulating insufficiently verified data. I...
Jan 20, 2026

This vulnerability in JetBrains IntelliJ IDEA allows Gradle and Maven projects to be imported without requiring the 'Trust Project' confirmation dialo...
Mar 29, 2023

CVE-2023-6323 is an authentication bypass vulnerability in ThroughTek Kalay SDK where message authenticity isn't verified, allowing attackers to imper...
May 15, 2024

This vulnerability allows a physically proximate attacker with root access to modify the Recovery Partition on Entrust nShield HSM devices due to lack...
Dec 2, 2025

This vulnerability in Cesanta Mongoose allows attackers to bypass cryptographic signature verification in the ChaCha20-Poly1305 decryption function. A...
Feb 23, 2026

This vulnerability in eGovFramework's common components allows unauthenticated attackers to bypass access controls and retrieve arbitrary stored files...
Nov 19, 2025

About CWE-345
Our database tracks 119 CVEs classified as CWE-345, with 27 rated critical and 62 rated high severity. The average CVSS score for CWE-345 vulnerabilities is 7.8.