CWE-348 (Use of Less Trusted Source) — Vulnerability Class 42

42 vulnerabilities classified as CWE-348 (Use of Less Trusted Source). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-40226 | systemd security vulnerability — systemd | 6.4 | Medium | 2026-04-10 |
| CVE-2026-35391 | Bulwark Webmail getClientIP() trusted client-controlled X-Forwarded-For value, enabling rate limit bypass and audit log forgery — webmail | 9.1 (AI) | Critical (AI) | 2026-04-06 |
| CVE-2026-35507 | shynet security vulnerability — Shynet | 6.4 | Medium | 2026-04-03 |
| CVE-2026-26927 | URL (HTTP Origin) call location spoofing in Szafir SDK Web — Szafir SDK Web | 8.1 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-33690 | AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr() — AVideo | 5.3 | Medium | 2026-03-23 |
| CVE-2026-3635 | Fastify request.protocol and request.host spoofable via X-Forwarded-Proto/Host from untrusted connections when trustProxy uses restrictive trust function — fastify | 6.1 | Medium | 2026-03-23 |
| CVE-2025-69240 | Header Poisoning in Raytha CMS — Raytha | 8.8 | - | 2026-03-16 |
| CVE-2026-22201 | wpDiscuz before 7.6.47 - IP Address Spoofing in getIP() — wpDiscuz | 5.3 | Medium | 2026-03-13 |
| CVE-2025-55292 | In Meshtastic, an attacker can spoof licensed amateur flag for a node — firmware | 8.2 | High | 2026-01-27 |
| CVE-2026-24910 | Bun security vulnerability — Bun | 5.9 | Medium | 2026-01-27 |
| CVE-2025-13694 | AA Block country <= 1.0.1 - Unauthenticated IP Address Spoofing via X-Forwarded-For Header — AA Block country | 5.3 | Medium | 2026-01-07 |
| CVE-2025-15154 | PbootCMS Header handle.php get_user_ip less trusted source — PbootCMS | 5.3 | Medium | 2025-12-28 |
| CVE-2025-32900 | KDE Connect security vulnerability — KDE Connect information-exchange protocol | 4.3 | Medium | 2025-12-05 |
| CVE-2025-59951 | Termix' official Docker image contains an authentication bypass vulnerability — Termix | 9.1 (AI) | Critical (AI) | 2025-10-01 |
| CVE-2025-58422 | RICOH Streamline NX security vulnerability — RICOH Streamline NX | 5.9 (AI) | Medium (AI) | 2025-09-08 |
| CVE-2025-53522 | Movable Type security vulnerability — Movable Type (Software Edition) | 7.5 | - | 2025-08-20 |
| CVE-2025-48825 | RICOH Streamline NX V3 PC Client security vulnerability — RICOH Streamline NX V3 PC Client | 7.5 (AI) | High (AI) | 2025-06-13 |
| CVE-2025-47149 | Digital Arts i-FILTER security vulnerability — i-FILTER | 7.7 (AI) | High (AI) | 2025-05-23 |
| CVE-2025-1245 | Bypass Connection Restriction Vulnerability in Hitachi Ops Center Analyzer — Hitachi Infrastructure Analytics Advisor | 6.5 | Medium | 2025-05-16 |
| CVE-2025-47424 | Retool security vulnerability — Retool | 7.1 | High | 2025-05-09 |
| CVE-2025-43918 | SSL.com security vulnerability — SSL.com | 6.4 | Medium | 2025-04-19 |
| CVE-2025-24856 | TYPO3 security vulnerability — oidc | 4.2 | Medium | 2025-03-16 |
| CVE-2025-27913 | Passbolt security vulnerability — API | 3.7 | - | 2025-03-10 |
| CVE-2024-54840 | CyberArk Privileged Access Manager Self-Hosted security vulnerability — Privileged Access Manager | 4.2 | Medium | 2025-02-03 |
| CVE-2024-10977 | PostgreSQL libpq retains an error message from man-in-the-middle — PostgreSQL | 3.1 | Low | 2024-11-14 |
| CVE-2022-4534 | Limit Login Attempts (Spam Protection) <= 5.3 - IP Address Spoofing to Protection Mechanism Bypass — Limit Login Attempts (Spam Protection) | 5.3 | Medium | 2024-10-08 |
| CVE-2022-4533 | Limit Login Attempts Plus <= 1.1.0 - IP Address Spoofing to Protection Mechanism Bypass — Limit Login Attempts Plus – WordPress Limit Login Attempts By Felix | 5.3 | Medium | 2024-09-19 |
| CVE-2022-4529 | Security, Antivirus, Firewall – S.A.F <= 2.3.5 - IP Address Spoofing to Protection Mechanism Bypass — Security, Antivirus, Firewall – S.A.F | 5.3 | Medium | 2024-09-05 |
| CVE-2022-4539 | Web Application Firewall <= 2.1.2 - IP Address Spoofing to Protection Mechanism Bypass — Web Application Firewall – website security | 5.3 | Medium | 2024-08-31 |
| CVE-2022-4536 | IP Vault – WP Firewall <= 1.1 - IP Address Spoofing to Protection Mechanism Bypass — Two-factor authentication (formerly IP Vault) | 5.3 | Medium | 2024-08-31 |

Vulnerabilities classified as CWE-348 (Use of Less Trusted Source) represent 42 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.