CWE-348: CWE-348

CVE-2024-27773 is a critical vulnerability in Unitronics Unistream Unilogic software that allows remote code execution by exploiting trust in less sec...

This vulnerability allows attackers to impersonate legitimate nodes in Meshtastic mesh networks by forging NodeInfo packets that claim HAM mode is ena...

This vulnerability allows attackers to manipulate email messages sent by Passbolt API by injecting malicious domain names via HTTP Host headers. It af...

This vulnerability allows attackers to manipulate the HTTP Host header in self-hosted Retool instances when the BASE_DOMAIN environment variable is no...

This vulnerability allows attackers to obtain trusted TLS certificates for domains they don't control by exploiting a flaw in SSL.com's domain validat...

This vulnerability allows attackers to spoof trusted dependencies in Bun by using non-npm packages with matching names, potentially leading to executi...

The AA Block Country WordPress plugin versions up to 1.0.1 trust user-supplied HTTP headers like X-Forwarded-For to determine client IP addresses with...

This vulnerability in PbootCMS allows attackers to spoof IP addresses by manipulating the X-Forwarded-For header. The system incorrectly trusts this h...

CVE-2025-53522 is a security vulnerability in Movable Type that allows remote unauthenticated attackers to send tampered password reset emails. This c...

The Web Application Firewall plugin for WordPress versions up to 2.1.2 is vulnerable to IP address spoofing. Attackers can manipulate the X-Forwarded-...

This vulnerability in TYPO3's OpenID Connect extension allows account takeover through pre-hijacking attacks. Attackers can link their own accounts to...

This vulnerability in CyberArk's Password Vault Web Access (PVWA) allows attackers to perform Host header injection attacks when environment issues ar...