17 matches found
Use of Less Trusted Source
Overview Affected versions of this package are vulnerable to Use of Less Trusted Source via the nspawn process. An attacker can gain unauthorized access to the host system by supplying a crafted optional configuration file. Remediation A fix was pushed into the master branch but not yet published...
CVE-2025-15154
CVE-2025-15154 affects PbootCMS (up to 3.2.12). The vulnerable component is Header Handler, function get_user_ip in core/function/handle.php, where manipulation of X-Forwarded-For causes the system to use a less trusted source. Attacks can be remote and public exploits are disclosed. Remediation:...
EUVD-2025-28529
Malicious code in bioql PyPI...
EUVD-2022-47531
Malicious code in bioql PyPI...
RICOH Streamline NX vulnerable to tampering with operation history
Overview RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. Use of Less Trusted Source CWE-348 - CVE-2025-58422 Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated...
Multiple vulnerabilities in Movable Type
Overview Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Use of less trusted source CWE-348 - CVE-2025-53522 Open redirect CWE-601 - CVE-2025-55706 Six Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN...
CVE-2025-53522
CVE-2025-53522 affects Movable Type and related editions, caused by use of a less trusted source (CWE-348). A remote unauthenticated attacker could trigger a tampered password-reset email. Documented impact: password reset email may be forged by exploiting the trusted source weakness. Public disc...
JVN#76729865: Multiple vulnerabilities in Movable Type
Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Use of less trusted source (CWE-348) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 5.3 CVE-2025-53522 Open...
CVE-2022-44593
Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS. This issue affects Solid Security: from n/a through 9.3.1...
CVE-2022-44593
CVE-2022-44593 pertains to Solid Security (SolidWP) and is described as a Use of Less Trusted Source vulnerability that enables HTTP DoS. Public detail indicates the issue affects Solid Security versions up to 9.3.1, with the connected entry also referencing an IP Address Spoofing to Denial of Se...
CVE-2024-23105
A Use Of Less Trusted Source CWE-348 vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets...
CVE-2024-23105
A Use Of Less Trusted Source CWE-348 vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets...
CVE-2024-23105
Fortinet FortiPortal contains a CWE-348 vulnerability (Use Of Less Trusted Source) that, in versions 7.0.0–7.0.6 and 7.2.0–7.2.1, allows an unauthenticated attacker to bypass IP protection via crafted HTTP/HTTPS packets. The issue is described as bypassing IP access controls; impact is described...
CVE-2024-23105
A Use Of Less Trusted Source CWE-348 vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets...
CVE-2024-23105
A Use Of Less Trusted Source CWE-348 vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets...
CVE-2024-27773
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE...
CVE-2024-27773 Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-348: Use of Less Trusted Source
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE...