Fallos del tipo CWE-348
52 resultadosCVE-2025-59951CRITICALTermix' official Docker image contains an authentication bypass vulnerabilityEPSS 4.7%CVE-2022-31813—mod_proxy X-Forwarded-For dropped by hop-by-hop mechanismEPSS 3.1%CVE-2024-45410CRITICALHTTP client can remove the X-Forwarded headers in TraefikEPSS 1.5%CVE-2021-21373HIGHNimble falls back to insecure http url when fetching packagesEPSS 1.2%CVE-2021-21374HIGHNimble fails to validate certificates due to insecure httpClient defaultsEPSS 1.0%CVE-2022-2255—A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker toEPSS 0.7%CVE-2022-4539MEDIUMWeb Application Firewall <= 2.1.2 - IP Address Spoofing to Protection Mechanism BypassEPSS 0.6%CVE-2025-48865CRITICALFabio allows HTTP clients to manipulate custom headers it addsEPSS 0.5%CVE-2024-23105HIGHA Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allEPSS 0.4%CVE-2024-10977LOWPostgreSQL libpq retains an error message from man-in-the-middleEPSS 0.4%CVE-2024-47880HIGHOpenRefine has a reflected cross-site scripting vulnerability from POST request in ExportRowsCommandEPSS 0.4%CVE-2024-27773HIGHUnitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-348: Use of Less Trusted SourceEPSS 0.4%CVE-2022-4534MEDIUMLimit Login Attempts (Spam Protection) <= 5.3 - IP Address Spoofing to Protection Mechanism BypassEPSS 0.3%CVE-2022-4537MEDIUMHide My WP Ghost – Security Plugin <= 5.0.18 - IP Address Spoofing to Protection Mechanism BypassEPSS 0.3%CVE-2023-2897LOWBrizy Page Builder <= 2.4.18 - IP Address Spoofing to Protection Mechanism BypassEPSS 0.3%CVE-2026-26927MEDIUMURL (HTTP Origin) call location spoofing in Szafir SDK WebEPSS 0.3%CVE-2022-44593LOWWordPress Solid Security plugin <= 9.3.1 - IP Spoofing Leading to Denial of Service vulnerabilityEPSS 0.3%CVE-2024-0789MEDIUMWP Maintenance <= 6.1.9.2 - IP Spoofing to Maintenance Mode BypassEPSS 0.3%CVE-2024-6171MEDIUMUnlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - IP Address Spoofing to Antispam BypassEPSS 0.2%CVE-2022-4536MEDIUMIP Vault – WP Firewall <= 1.1 - IP Address Spoofing to Protection Mechanism BypassEPSS 0.2%