Lucene search
+L

82 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2001-0891

Malware in sbrugna...

7.5CVSS6.4AI score0.01406EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/01 12:0 a.m.5 views

Termix 安全漏洞

Termix is a server management platform for Karmaa individual developers. A security vulnerability exists in Termix 1.5.0 and earlier versions, which stems from an improperly configured Nginx reverse proxy that causes the backend to obtain the proxy IP instead of the client IP, potentially leaking...

9.2CVSS6.7AI score0.0465EPSS
Exploits1References2
OSV
OSV
added 2025/09/24 5:28 p.m.6 views

DRUPAL-CONTRIB-2025-111

This module allows you to specify an HTTP header name to determine the client's IP address. The module doesn't sufficiently handle all cases under the scenario if Drupal Core settings $settings'reverseproxy' is set to TRUE and $settings'reverseproxyaddresses' is configured. This vulnerability...

5.3CVSS6.7AI score0.00276EPSS
Exploits0References1
OSV
OSV
added 2025/09/08 8:45 p.m.5 views

GHSA-FQ34-XW6C-FPHF Fides Webserver API Rate Limiting Vulnerability in Proxied Environments

Summary The Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs rather than client IPs, and stores counters in-memory rather than in a...

7.5CVSS7AI score0.00406EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/09/08 8:45 p.m.21 views

Fides Webserver API Rate Limiting Vulnerability in Proxied Environments

Summary The Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs rather than client IPs, and stores counters in-memory rather than in a...

7.5CVSS7AI score0.00406EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-46169

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a...

9.8CVSS10AI score0.99826EPSS
Exploits48References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2019-15726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary...

5.3CVSS5.8AI score0.01653EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:9 a.m.5 views

CVE-2024-3050

The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking...

9.1CVSS6.7AI score0.00565EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-22120

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection...

9.1CVSS7.5AI score0.76618EPSS
Exploits5References1
Positive Technologies
Positive Technologies
added 2024/08/18 12:0 a.m.7 views

PT-2024-26529 · Typecho · Typecho

Name of the Vulnerable Software and Affected Versions: Typecho version 1.3.0 Description: The issue allows attackers to falsify their IP addresses by specifying an arbitrary IP as the value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. This is a Client IP Spoofing issue...

5.3CVSS7.1AI score0.00591EPSS
Exploits3References8
BDU FSTEC
BDU FSTEC
added 2024/07/23 12:0 a.m.6 views

The vulnerability of the version/query_to_xml/inet_server_addr/inet_client_addr function in Apache Superset visualization software allows a hacker to bypass existing security restrictions.

The vulnerability of the version/querytoxml/inetserveraddr/inetclientaddr functions in Apache Superset visualization software is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to circumvent existing security...

4.3CVSS5.5AI score0.04433EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2024/06/26 12:15 a.m.13 views

CVE-2024-4869

The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

6.1CVSS6AI score0.00377EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.3 views

PT-2024-40474 · Symfony · Symfony2

Name of the Vulnerable Software and Affected Versions: Symfony2 versions prior to the introduction of the fix Description: The issue arises when an application relies on the client IP address returned by the Request::getClientIp method for making sensitive decisions, such as IP-based access...

6.8AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.6 views

PT-2024-40336 · Symfony2 · Symfony2

Name of the Vulnerable Software and Affected Versions: Symfony2 versions prior to the fixed version Description: A security issue was found in the Request::getClientIp method when the trust proxy mode is enabled. This issue affects applications that use the client IP address for sensitive decisio...

5.9CVSS7.1AI score
Exploits0References6
OSV
OSV
added 2024/05/29 6:18 a.m.5 views

CVE-2024-3050

The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking...

9.1CVSS5.8AI score0.00565EPSS
Exploits2References1
OSV
OSV
added 2024/04/25 8:15 p.m.5 views

CVE-2024-32324

Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpnclientip variable of the configvpnpptp function in rc program...

7.8CVSS6.1AI score0.00254EPSS
Exploits1References1
OSV
OSV
added 2024/02/23 11:7 a.m.4 views

OESA-2024-1198 containers-common security update

This package contains common configuration files and documentation for container tools ecosystem, such as Podman, Buildah and Skopeo. Security Fixes: Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP wi...

6.5CVSS9.1AI score0.01126EPSS
Exploits1References2
OSV
OSV
added 2024/01/26 11:6 a.m.3 views

OESA-2024-1105 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map...

7.5CVSS8.6AI score0.03796EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/09/25 12:0 a.m.4 views

WordPress plugin Activity Log security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.3CVSS6.5AI score0.00627EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2023/05/16 8:49 a.m.5 views

golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality...

6.5CVSS6.6AI score0.01126EPSS
Exploits1References6
Rows per page
Query Builder