Total
333 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-26910 | 1 Microsoft | 1 Skype For Business Server | 2024-08-03 | 5.3 Medium |
Skype for Business and Lync Spoofing Vulnerability | ||||
CVE-2022-26505 | 2 Debian, Readymedia Project | 2 Debian Linux, Readymedia | 2024-08-03 | 7.4 High |
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. | ||||
CVE-2022-24858 | 1 Nextauth.js | 1 Next-auth | 2024-08-03 | 6.1 Medium |
next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already have a `redirect` callback, make sure that you match the incoming `url` origin against the `baseUrl`. | ||||
CVE-2022-24112 | 1 Apache | 1 Apisix | 2024-08-03 | 9.8 Critical |
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed. | ||||
CVE-2022-23949 | 1 Keylime | 1 Keylime | 2024-08-03 | 7.5 High |
In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar. | ||||
CVE-2022-21142 | 1 Appleple | 1 A-blog Cms | 2024-08-03 | 9.8 Critical |
Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition. | ||||
CVE-2022-4746 | 1 Wpmanageninja | 1 Fluentauth | 2024-08-03 | 7.5 High |
The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin. | ||||
CVE-2022-4550 | 1 User Activity Project | 1 User Activity | 2024-08-03 | 7.5 High |
The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing. | ||||
CVE-2022-4303 | 1 Ciphercoin | 1 Wp Limit Login Attempts | 2024-08-03 | 7.5 High |
The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms. | ||||
CVE-2022-4098 | 1 Wut | 32 Com-server 20ma, Com-server 20ma Firmware, Com-server ++ and 29 more | 2024-08-03 | 8 High |
Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device. | ||||
CVE-2022-3337 | 1 Cloudflare | 1 Warp Mobile Client | 2024-08-03 | 6.7 Medium |
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch) feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform. | ||||
CVE-2022-2324 | 1 Sonicwall | 1 Email Security | 2024-08-03 | 7.5 High |
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions. | ||||
CVE-2022-2368 | 1 Microweber | 1 Microweber | 2024-08-03 | 6.5 Medium |
Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. | ||||
CVE-2022-2310 | 1 Skyhighsecurity | 1 Secure Web Gateway | 2024-08-03 | 10 Critical |
An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of SWG incorrectly whitelisting authentication bypass methods and using a weak crypto password. This can lead to the attacker logging into the SWG admin interface, without valid credentials, as the super user with complete control over the SWG. | ||||
CVE-2022-1495 | 1 Google | 2 Android, Chrome | 2024-08-03 | 4.3 Medium |
Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page. | ||||
CVE-2022-1306 | 1 Google | 1 Chrome | 2024-08-03 | 4.3 Medium |
Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
CVE-2022-1307 | 1 Google | 2 Android, Chrome | 2024-08-03 | 4.3 Medium |
Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
CVE-2022-1129 | 1 Google | 2 Android, Chrome | 2024-08-02 | 6.5 Medium |
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
CVE-2023-52176 | | | 2024-08-02 | 5.3 Medium |
Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Malware Scanner: from n/a through 4.7.1. | ||||
CVE-2023-51667 | | | 2024-08-02 | 5.3 Medium |
Authentication Bypass by Spoofing vulnerability in FeedbackWP Rate my Post – WP Rating System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Rate my Post – WP Rating System: from n/a through 3.4.2. |