CWE-348
47 CVEs classified under CWE-348. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-44183 | Critical | 9.8 | 2026-05-12 | Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9… |
CVE-2024-45410 | Critical | 9.8 | 2024-09-19 | Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-… |
CVE-2025-48865 | Critical | 9.1 | 2025-05-30 | Fabio is an HTTP(S) and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers (ex… |
CVE-2024-27773 | High | 8.8 | 2024-03-18 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE |
CVE-2025-55292 | High | 8.2 | 2026-01-27 | Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC add… |
CVE-2024-47880 | High | 8.1 | 2024-10-24 | OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `export-rows` command can be used in such a way that it reflect… |
CVE-2021-21374 | High | 8.1 | 2021-03-26 | Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimb… |
CVE-2026-43634 | High | 7.5 | 2026-05-19 | HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security contr… |
CVE-2021-21373 | High | 7.5 | 2021-03-26 | Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimb… |
CVE-2025-47424 | High | 7.1 | 2025-05-09 | Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN environment variable is not set, the HTTP host header can be manipulated. |
CVE-2024-23105 | High | 7.1 | 2024-05-14 | A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthentica… |
CVE-2025-1245 | Medium | 6.5 | 2025-05-16 | Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer (Hitach… |
CVE-2022-4532 | Medium | 6.5 | 2024-08-17 | The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1. This is due to insuf… |
CVE-2022-4537 | Medium | 6.5 | 2023-05-09 | The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18. This is due to insuf… |
CVE-2026-40226 | Medium | 6.4 | 2026-04-10 | In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. |
CVE-2026-35507 | Medium | 6.4 | 2026-04-03 | Shynet before 0.14.0 allows Host header injection in the password reset flow. |
CVE-2025-43918 | Medium | 6.4 | 2025-04-19 | SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued f… |
CVE-2026-3635 | Medium | 6.1 | 2026-03-23 | Summary When trustProxy is configured with a restrictive trust function (e.g., a specific IP like trustProxy: '10.0.0.1', a subnet, a hop count, or a custom fu… |
CVE-2026-24910 | Medium | 5.9 | 2026-01-27 | In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name (for file… |
CVE-2026-33690 | Medium | 5.3 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `getRealIpAddr()` function in `objects/functions.php` trusts user-contr… |