Lucene search
K

4 matches found

OSV
OSV
added 2026/05/15 8:50 a.m.7 views

BIT-NGINX-GATEWAY-2026-40460 NGINX ngx_quic_module vulnerability

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.8AI score0.00367EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/13 1:18 a.m.27 views

CVE-2026-22201 wpDiscuz before 7.6.47 - IP Address Spoofing in getIP()

wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Attackers can set HTTPCLIENTIP or HTTPXFORWARDEDFOR headers to spoof their IP address and circumvent...

6.9CVSS0.00152EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/31 8:25 a.m.7 views

CVE-2025-12094 OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) <= 1.2.53 - Unauthenticated IP Header Spoofing

The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments No CAPTCHA plugin for WordPress is vulnerable to IP Header Spoofing in all versions up to, and including, 1.2.53. This is due to the plugin trusting client-controlled forwarded headers such as CF-Connecting-IP, X-Forwarded-For,...

5.3CVSS5.8AI score0.0031EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.6 views

PT-2025-34988

Name of the Vulnerable Software and Affected Versions: Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress versions through 11.58 Description: The plugin is susceptible to unauthorized data access due to an inadequate capability check within the...

6.5CVSS6.3AI score0.00332EPSS
Exploits0References7
Rows per page
Query Builder