Weaknesses of type CWE-348

52 results
CVE-2022-4536 | MEDIUM | IP Vault – WP Firewall <= 1.1 - IP Address Spoofing to Protection Mechanism Bypass | EPSS 0.2%
CVE-2026-43634 | HIGH | HestiaCP 1.2.0-1.9.4 IP Spoofing via CF-Connecting-IP Header | EPSS 0.2%
CVE-2022-4529 | MEDIUM | Security, Antivirus, Firewall – S.A.F <= 2.3.5 - IP Address Spoofing to Protection Mechanism Bypass | EPSS 0.2%
CVE-2026-44183 | CRITICAL | Cleanuparr: X-Forwarded-For leftmost parsing allows remote unauthenticated admin takeover when reverse-proxy mode is enabled | EPSS 0.2%
CVE-2022-4533 | MEDIUM | Limit Login Attempts Plus <= 1.1.0 - IP Address Spoofing to Protection Mechanism Bypass | EPSS 0.2%
CVE-2025-15154 | MEDIUM | PbootCMS Header handle.php get_user_ip less trusted source | EPSS 0.2%
CVE-2022-4532 | MEDIUM | LOGIN AND REGISTRATION ATTEMPTS LIMIT <= 2.1 - IP Address Spoofing to Protection Mechanism Bypass | EPSS 0.2%
CVE-2025-13694 | MEDIUM | AA Block country <= 1.0.1 - Unauthenticated IP Address Spoofing via X-Forwarded-For Header | EPSS 0.2%
CVE-2020-37248 | MEDIUM | OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle a | EPSS 0.2%
CVE-2026-48772 | CRITICAL | ProxySQL: PROXY-Protocol-v1 UNKNOWN parses spoofed source IP, bypassing mysql_query_rules.client_addr ACL | EPSS 0.2%
CVE-2026-33690 | MEDIUM | AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr() | EPSS 0.2%
CVE-2025-27913 | LOW | Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can | EPSS 0.2%
CVE-2025-24856 | MEDIUM | An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a | EPSS 0.2%
CVE-2025-53522 | MEDIUM | Movable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote una | EPSS 0.2%
CVE-2026-22201 | MEDIUM | wpDiscuz before 7.6.47 - IP Address Spoofing in getIP() | EPSS 0.2%
CVE-2025-69240 | HIGH | Header Poisoning in Raytha CMS | EPSS 0.1%
CVE-2025-47149 | MEDIUM | The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern file validation. If exploited, the product m | EPSS 0.1%
CVE-2024-54840 | MEDIUM | PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues | EPSS 0.1%
CVE-2025-1245 | MEDIUM | Bypass Connection Restriction Vulnerability in Hitachi Ops Center Analyzer | EPSS 0.1%
CVE-2026-35391 | HIGH | Bulwark Webmail getClientIP() trusted client-controlled X-Forwarded-For value, enabling rate limit bypass and audit log forgery | EPSS 0.1%