CWE-348
44 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-348page 1 of 1
- CVE-2021-21373HIGHCVSS 7.5EG 7.52021-03-26
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS U…
- CVE-2021-21374HIGHCVSS 8.1EG 8.12021-03-26
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due …
- CVE-2022-2255HIGHCVSS 7.5EG 7.52022-08-25
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is m…
- CVE-2022-31813CRITICALCVSS 9.8EG 9.82022-06-09
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/applicat…
- CVE-2022-44593LOWCVSS 3.7EG 3.72024-06-21
Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through 9.3.1.
- CVE-2022-4529MEDIUMCVSS 5.3EG 5.32024-09-05
The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP Address information is being retrieved …
- CVE-2022-4532MEDIUMCVSS 6.5EG 6.52024-08-17
The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for …
- CVE-2022-4533MEDIUMCVSS 5.3EG 5.32024-09-19
The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0. This is due to insufficient restrictions on where the IP Address information is being retrieved for request lo…
- CVE-2022-4534MEDIUMCVSS 5.3EG 5.32024-10-08
The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. This is due to insufficient restrictions on where the IP Address information is being retrieved for…
- CVE-2022-4536MEDIUMCVSS 5.3EG 5.32024-08-31
The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request loggi…
- CVE-2022-4537MEDIUMCVSS 6.5EG 6.52023-05-09
The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18. This is due to insufficient restrictions on where the IP Address information is being retrieved fo…
- CVE-2022-4539MEDIUMCVSS 5.3EG 5.32024-08-31
The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2. This is due to insufficient restrictions on where the IP Address information is being retrieved for request log…
- CVE-2023-2897LOWCVSS 3.7EG 3.72023-06-09
The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an 'X-Forwarded-For' HTTP header for the purpose o…
- CVE-2023-35906MEDIUMCVSS 5.3EG 5.32023-09-05
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.
- CVE-2024-0789MEDIUMCVSS 5.3EG 5.32024-06-19
The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval…
- CVE-2024-10977LOWCVSS 3.1EG 3.12024-11-14
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error …
- CVE-2024-23105HIGHCVSS 7.5EG 7.52024-05-14
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.
- CVE-2024-27773HIGHCVSS 8.8EG 8.82024-03-18
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE
- CVE-2024-45410CRITICALCVSS 9.8EG 9.82024-09-19
Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a…
- CVE-2024-47880HIGHCVSS 8.1EG 8.12024-10-24
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `export-rows` command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the r…
- CVE-2024-54840MEDIUMCVSS 4.2EG 4.22025-02-03
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection.
- CVE-2024-6171MEDIUMCVSS 5.3EG 5.32024-07-09
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP address validation and/or use of user-sup…
- CVE-2025-1245MEDIUMCVSS 6.5EG 6.52025-05-16
Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrast…
- CVE-2025-13694MEDIUMCVSS 5.3EG 5.32026-01-07
The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.0.1. This is due to the plugin trusting user-supplied headers such as HTTP_X_FORWARDED_FOR to determine the client's IP addr…
- CVE-2025-15154MEDIUMCVSS 5.3EG 5.32025-12-28
A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For le…
- CVE-2025-24856MEDIUMCVSS 4.2EG 4.22025-03-16
An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the followi…
- CVE-2025-27913HIGHCVSS 7.5EG 7.52025-03-10
Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header.
- CVE-2025-32900MEDIUMCVSS 4.3EG 4.32025-12-05
In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, K…
- CVE-2025-43918MEDIUMCVSS 6.4EG 6.42025-04-19
SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does …
- CVE-2025-47149MEDIUMCVSS 5.3EG 5.32025-05-23
The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern file validation. If exploited, the product may treat an unauthorized pattern file as an authorized. If the product uses a specially crafted pat…
- CVE-2025-47424HIGHCVSS 7.1EG 7.12025-05-09
Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN environment variable is not set, the HTTP host header can be manipulated.
- CVE-2025-48825LOWCVSS 2.5EG 2.52025-06-13
RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop upgrade requests and execute a malicious DLL wi…
- CVE-2025-48865CRITICALCVSS 9.1EG 9.12025-05-30
Fabio is an HTTP(S) and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers (except X-Forwarded-For) due to a vulnerability in how it processes hop-by-hop head…
- CVE-2025-53522MEDIUMCVSS 5.3EG 5.32025-08-20
Movable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote unauthenticated attacker.
- CVE-2025-55292HIGHCVSS 8.2EG 8.22026-01-28
Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This aspect downgrades the security, specifi…
- CVE-2025-58422LOWCVSS 3.1EG 3.12025-09-08
RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If an attacker can perform a man-in-the-middle attack, they may alter the values of HTTP requests, which could result in tampering with the oper…
- CVE-2025-59951CRITICALCVSS 9.1EG 9.12025-10-01
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the b…
- CVE-2026-24910MEDIUMCVSS 5.9EG 5.92026-01-27
In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name (for file, link, git, or github).
- CVE-2026-26927MEDIUMCVSS 5.1EG 5.12026-04-02
Szafir SDK Web is a browser plug-in that can run SzafirHost application which download the necessary files when launched. In Szafir SDK Web it is possible to change the URL (HTTP Origin) of the application call location. An unauthenticated…
- CVE-2026-35391HIGHCVSS 7.5EG 7.52026-04-06
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getClientIP() function in lib/admin/session.ts trusted the first (leftmost) entry of the X-Forwarded-For header, which is fully controlled by th…
- CVE-2026-35507MEDIUMCVSS 6.4EG 6.42026-04-03
Shynet before 0.14.0 allows Host header injection in the password reset flow.
- CVE-2026-40226MEDIUMCVSS 6.4EG 6.42026-04-10
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
- CVE-2026-43634HIGHCVSS 7.5EG 7.52026-05-19
HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header wit…
- CVE-2026-44183CRITICALCVSS 9.8EG 9.82026-05-12
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entr…
Map vulnerabilities like CWE-348 to your infrastructure
EchelonGraph correlates every CVE — across CWE-348 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →