14 matches found
CVE-2026-4252
A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function checkisipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is publicly available and mig...
GHSA-Q37J-3367-FWV7 Apache HugeGraph-Server: RAFT and deserialization vulnerability
A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...
CVE-2025-26866
A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...
CVE-2025-26866
A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...
EUVD-2025-203068
A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...
Linux Distros Unpatched Vulnerability : CVE-2016-6624
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server...
Authentication Bypass
Apache ZooKeeper is vulnerable to Authentication Bypass. The vulnerability is due to weak client IP address validation in IPAuthenticationProvider, where the Admin Server trusts the X-Forwarded-For HTTP header by default, allowing attackers to spoof their IP address and bypass IP-based...
SUSE CVE-2016-6624
An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the...
SUSE CVE-2022-31813
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...
DEBIAN-CVE-2022-31813
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...
CVE-2022-31813
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...
UBUNTU-CVE-2022-31813
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...
Asus asuswrt Login User IP Authentication Insufficient Vulnerability
ASUSWRT, the unified firmware used by ASUS in its latest routers, is a web-based graphical user interface for ASUS routers. An insufficient IP authentication vulnerability exists in the HTTPd server for logged in users in 3.0.0.4.380.7743 and earlier versions of Asus asuswrt. An attacker with...
nfs-utils: Improper authentication of an incoming request when an IP based authentication used
The hostreliableaddrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records...