Total
492 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40332 | 1 Lesterchan | 1 Wp-postratings | 2025-04-03 | N/A | 5.3 MEDIUM |
|
Improper Control of Interaction Frequency vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Functionality Misuse.This issue affects WP-PostRatings: from n/a through 1.91.
|
|||||
| CVE-2022-4746 | 1 Wpmanageninja | 1 Fluentauth | 2025-04-02 | N/A | 7.5 HIGH |
|
The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin.
|
|||||
| CVE-2022-4303 | 1 Ciphercoin | 1 Wp Limit Login Attempts | 2025-04-02 | N/A | 7.5 HIGH |
|
The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms.
|
|||||
| CVE-2022-3820 | 1 Gitlab | 1 Gitlab | 2025-04-02 | N/A | 6.5 MEDIUM |
|
An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.
|
|||||
| CVE-2025-27671 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-01 | N/A | 9.8 CRITICAL |
|
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Device Impersonation OVE-20230524-0015.
|
|||||
| CVE-2025-31122 | 2025-04-01 | N/A | N/A | ||
|
scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field.
|
|||||
| CVE-2024-1547 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Thunderbird | 2025-03-28 | N/A | 6.5 MEDIUM |
|
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
|
|||||
| CVE-2024-4846 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 6.3 MEDIUM |
|
Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab.
|
|||||
| CVE-2024-55232 | 1 Phpgurukul | 1 Online Notes Sharing Management System | 2025-03-28 | N/A | 5.4 MEDIUM |
|
An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing authorization checks. This flaw enables attackers to delete another user's information.
|
|||||
| CVE-2024-29006 | 1 Apache | 1 Cloudstack | 2025-03-27 | N/A | 9.8 CRITICAL |
|
By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade to CloudStack version 4.18.1.1 or 4.19.0.1, which fixes this issue.
|
|||||
| CVE-2024-38807 | 2025-03-27 | N/A | 6.3 MEDIUM | ||
|
Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.
|
|||||
| CVE-2025-22223 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
|
Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass.
You are not affected if you are not using @EnableMethodSecurity, or
you do not have method security annotations on parameterized types or methods, or all method security annotations are attached to target methods
|
|||||
| CVE-2024-1555 | 1 Mozilla | 1 Firefox | 2025-03-27 | N/A | 8.3 HIGH |
|
When opening a website using the `firefox://` protocol handler, SameSite cookies were not properly respected. This vulnerability affects Firefox < 123.
|
|||||
| CVE-2024-31863 | 1 Apache | 1 Zeppelin | 2025-03-25 | N/A | 5.3 MEDIUM |
|
Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0.
Users are recommended to upgrade to version 0.11.0, which fixes the issue.
|
|||||
| CVE-2025-30110 | 2025-03-21 | N/A | 6.5 MEDIUM | ||
|
On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Address Spoofing. The dashcam's pairing mechanism relies solely on MAC address verification, allowing an attacker to bypass authentication by spoofing an already-paired MAC address that can be captured via an ARP scan.
|
|||||
| CVE-2024-8908 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-7981 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2023-28452 | 1 Coredns.io | 1 Coredns | 2025-03-19 | N/A | 7.5 HIGH |
|
An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID.
|
|||||
| CVE-2024-41107 | 1 Apache | 1 Cloudstack | 2025-03-19 | N/A | 8.1 HIGH |
|
The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned an ...
Show More |
|||||
| CVE-2025-30144 | 2025-03-19 | N/A | 6.5 MEDIUM | ||
|
fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 5.0.6, the fast-jwt library does not properly validate the iss claim based on the RFC 7519. The iss (issuer) claim validation within the fast-jwt library permits an array of strings as a valid iss value. This design flaw enables a potential attack where a malicious actor crafts a JWT with an iss claim structured as ['https://attacker-domain/', 'https://valid-iss']. Due to the permissive validation, the JWT will be deemed valid. ...
Show More |
|||||
| CVE-2024-8399 | 1 Mozilla | 1 Firefox Focus | 2025-03-19 | N/A | 4.7 MEDIUM |
|
Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130.
|
|||||
| CVE-2024-27853 | 1 Apple | 1 Macos | 2025-03-19 | N/A | 4.4 MEDIUM |
|
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. A maliciously crafted ZIP archive may bypass Gatekeeper checks.
|
|||||
| CVE-2022-4550 | 1 User Activity Project | 1 User Activity | 2025-03-18 | N/A | 7.5 HIGH |
|
The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing
|
|||||
| CVE-2025-27616 | 2025-03-10 | N/A | 8.5 HIGH | ||
|
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to a separate repository. These secrets could be exfiltrated by follow up builds to the repository. Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the expl ...
Show More |
|||||
| CVE-2024-32786 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-03-10 | N/A | 5.3 MEDIUM |
|
Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass.This issue affects Royal Elementor Addons: from n/a through 1.3.93.
|
|||||
| CVE-2024-39350 | 1 Synology | 4 Bc500, Bc500 Firmware, Tc500 and 1 more | 2025-03-06 | N/A | 7.5 HIGH |
|
A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
|
|||||
| CVE-2025-22271 | 2025-03-05 | N/A | N/A | ||
|
The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability
This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.
|
|||||
| CVE-2023-23398 | 1 Microsoft | 3 365 Apps, Excel, Office | 2025-02-28 | N/A | 7.1 HIGH |
|
Microsoft Excel Spoofing Vulnerability
|
|||||
| CVE-2021-31172 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-02-28 | 5.8 MEDIUM | 7.1 HIGH |
|
Microsoft SharePoint Server Spoofing Vulnerability
|
|||||
| CVE-2021-28478 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-02-28 | 5.8 MEDIUM | 7.6 HIGH |
|
Microsoft SharePoint Server Spoofing Vulnerability
|
|||||
| CVE-2021-26418 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-02-28 | 5.8 MEDIUM | 4.6 MEDIUM |
|
Microsoft SharePoint Server Spoofing Vulnerability
|
|||||
| CVE-2023-38173 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 4.3 MEDIUM |
|
Microsoft Edge for Android Spoofing Vulnerability
|
|||||
| CVE-2023-36883 | 1 Microsoft | 1 Edge | 2025-02-28 | N/A | 4.3 MEDIUM |
|
Microsoft Edge for iOS Spoofing Vulnerability
|
|||||
| CVE-2023-36769 | 1 Microsoft | 1 Onenote | 2025-02-28 | N/A | 4.6 MEDIUM |
|
Microsoft OneNote Spoofing Vulnerability
|
|||||
| CVE-2023-35392 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 4.7 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2023-29334 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 4.3 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2023-24935 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 6.1 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2023-24892 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 8.2 HIGH |
|
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
|
|||||
| CVE-2023-21794 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 4.3 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2021-31209 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 5.8 MEDIUM | 6.5 MEDIUM |
|
Microsoft Exchange Server Spoofing Vulnerability
|
|||||