CVE-2024-23105

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-348
View all →

Vulnerability Description

A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.

Related Vulnerabilities

CVE-2022-2255

HIGH
CVSS:7.5(High)

A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application ...

CWE-3482022

CVE-2025-27913

LOW
CVSS:7.5(High)

Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attack...

CWE-3482025

CVE-2025-47424

HIGH
CVSS:7.1(High)

Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN environment variable is not set, the HTTP host header can be manipulated.

CWE-3482025

CVE-2021-21374

HIGH
CVSS:8.1(High)

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verif...

CWE-3482021

CVE-2022-4532

MEDIUM
CVSS:6.5(Medium)

The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1. This is due to insufficient restrictions on where the IP Addr...

CWE-3482022

CVE-2025-1245

MEDIUM
CVSS:6.5(Medium)

Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view componen...

CWE-3482025