
11 matches found

Cvelist
added 2026/06/19 7:28 p.m., 20 views

CVE-2026-48772 ProxySQL: PROXY-Protocol-v1 UNKNOWN parses spoofed source IP, bypassing mysql_query_rules.client_addr ACL

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the PROXY UNKNOWN \r\n PP1 frame as a well-formed PROXY protocol header. The HAProxy PROXY protocol v1 specification says that when the protocol token is UNKNOW...

10 CVSS, 0.00185 EPSS
Exploits 0, References 2
Snyk
added 2026/06/11 12:0 a.m., 6 views

Use of Less Trusted Source

Overview Affected versions of this package are vulnerable to Use of Less Trusted Source. Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded request headers it receives from untrusted proxies to downstream services. Both the WebFlux and WebMVC Gateway Servers process these...

8.6 CVSS, 5.4 AI score, 0.00139 EPSS
Exploits 0, References 2
Vulnrichment
added 2026/05/14 7:3 p.m., 10 views

CVE-2026-46356 Fleet: IP spoofing allows bypassing API rate limiting

Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against Fleet instances...

6.9 CVSS, 5.8 AI score, 0.00276 EPSS
Exploits 0, References 2
ATTACKERKB
added 2026/03/19 10:7 p.m., 1 views

CVE-2026-32029

OpenClaw versions prior to 2026.2.21 improperly parse the left-most X-Forwarded-For header value when requests originate from configured trusted proxies, allowing attackers to spoof client IP addresses. In proxy chains that append or preserve header values, attackers can inject malicious header...

6.3 CVSS, 5.8 AI score, 0.00189 EPSS
Exploits 0, References 5
Vulnrichment
added 2026/03/19 10:7 p.m., 2 views

CVE-2026-32029 OpenClaw < 2026.2.21 - Client IP Spoofing via X-Forwarded-For Header Parsing

OpenClaw versions prior to 2026.2.21 improperly parse the left-most X-Forwarded-For header value when requests originate from configured trusted proxies, allowing attackers to spoof client IP addresses. In proxy chains that append or preserve header values, attackers can inject malicious header...

6.3 CVSS, 5.8 AI score, 0.00189 EPSS
Exploits 0, References 4
OSV
added 2026/03/03 10:17 p.m., 5 views

GHSA-2RGF-HM63-5QPH OpenClaw improperly parses X-Forwarded-For behind trusted proxies allows client IP spoofing in security decisions

Summary OpenClaw used left-most X-Forwarded-For values when requests came from configured trusted proxies. In proxy chains that append/preserve header values, this could let attacker-controlled header content influence security decisions tied to client IP. Affected Packages / Versions - Package:...

6.3 CVSS, 5.9 AI score, 0.00189 EPSS
Exploits 0, References 6
Veracode
added 2026/02/18 10:8 a.m., 7 views

IP Rate Limiting Bypass

misskey-js is vulnerable to an IP rate limiting bypass. The vulnerability is due to improper handling of the X-Forwarded-For header and an insecure default trustProxy configuration, which allows an attacker to forge client IP values and bypass rate-limiting controls...

6.9 CVSS, 5.6 AI score, 0.00285 EPSS
Exploits 1, References 4, Affected Software 1
EUVD
added 2026/01/05 12:0 a.m., 4 views

EUVD-2026-0812

Mega-Fence webgate-lib. 25.1.914 and prior trusts the first value of the X-Forwarded-For XFF header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant...

6.5 CVSS, 6.5 AI score, 0.00227 EPSS
Exploits 1, References 3
CVE
added 2025/12/05 6:20 p.m., 21 views

CVE-2025-66577

cpp-httplib (C++11 single-file header) contains CVE-2025-66577. The issue arises from unconditional acceptance of client-controlled headers (X-Forwarded-For, X-Real-IP) in get_client_ip() within docker/main.cc, allowing spoofed client IPs to influence server-visible metadata, logging, and authori...

5.3 CVSS, 6.3 AI score, 0.00236 EPSS
Exploits 1, References 2, Affected Software 1
Positive Technologies
added 2024/08/18 12:0 a.m., 5 views

PT-2024-26529 · Typecho · Typecho

Name of the Vulnerable Software and Affected Versions: Typecho version 1.3.0 Description: The issue allows attackers to falsify their IP addresses by specifying an arbitrary IP as the value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. This is a Client IP Spoofing issue...

5.3 CVSS, 7.1 AI score, 0.00591 EPSS
Exploits 3, References 8
OSV
added 2019/11/25 3:15 p.m., 2 views

UBUNTU-CVE-2019-13680

Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections...

5.3 CVSS, 7.2 AI score, 0.00629 EPSS
Exploits 0, References 2