Vulnerabilities > Insufficient Verification of Data Authenticity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-07 | CVE-2023-2866 | Insufficient Verification of Data Authenticity vulnerability in Advantech Webaccess 8.4.5 If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server. | 7.8 |
| 2023-05-31 | CVE-2023-2987 | Insufficient Verification of Data Authenticity vulnerability in Wordapp 1.5.0 The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.5.0. | 9.8 |
| 2023-05-16 | CVE-2023-32993 | Insufficient Verification of Data Authenticity vulnerability in Jenkins Saml Single Sign on Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections. | 4.8 |
| 2023-05-11 | CVE-2023-31502 | Insufficient Verification of Data Authenticity vulnerability in Apsystems Alternergy Power Control Software C1.2.5 Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php. | 7.2 |
| 2023-05-09 | CVE-2022-4537 | Insufficient Verification of Data Authenticity vulnerability in Wpplugins Hide MY WP Ghost The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18. | 6.5 |
| 2023-05-09 | CVE-2022-44420 | Insufficient Verification of Data Authenticity vulnerability in Google Android In modem, there is a possible missing verification of HashMME value in Security Mode Command. | 5.5 |
| 2023-04-18 | CVE-2023-28863 | Insufficient Verification of Data Authenticity vulnerability in AMI Megarac Sp-X 12/13 AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. | 9.1 |
| 2023-04-13 | CVE-2023-27748 | Insufficient Verification of Data Authenticity vulnerability in Blackvue Dr750-2Ch IR LTE Firmware and Dr750-2Ch LTE Firmware BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. | 9.8 |
| 2023-04-10 | CVE-2023-26467 | Insufficient Verification of Data Authenticity vulnerability in Pega Synchronization Engine A man in the middle can redirect traffic to a malicious server in a compromised configuration. | 5.4 |
| 2023-03-29 | CVE-2022-48431 | Insufficient Verification of Data Authenticity vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation. | 7.8 |