Lucene search
+L

349 matches found

NVD
NVD
added 2026/03/13 7:54 p.m.6 views

CVE-2026-22201

wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Attackers can set HTTPCLIENTIP or HTTPXFORWARDEDFOR headers to spoof their IP address and circumvent...

6.9CVSS0.00152EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/13 1:18 a.m.28 views

CVE-2026-22201 wpDiscuz before 7.6.47 - IP Address Spoofing in getIP()

wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Attackers can set HTTPCLIENTIP or HTTPXFORWARDEDFOR headers to spoof their IP address and circumvent...

6.9CVSS0.00152EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.14 views

PT-2026-26410

Summary OpenClaw used left-most X-Forwarded-For values when requests came from configured trusted proxies. In proxy chains that append/preserve header values, this could let attacker-controlled header content influence security decisions tied to client IP. Affected Packages / Versions - Package:...

6.3CVSS5.8AI score0.00189EPSS
Exploits0References8
CVE
CVE
added 2026/01/30 10:7 p.m.15 views

CVE-2020-37056

The CVE-2020-37056 entry concerns Crystal Shard http-protection 0.2.0, where an IP-spoofing flaw allows bypass of protection middleware by crafting headers. Specifically, attackers can set consistent values in X-Forwarded-For, X-Client-IP, and X-Real-IP to defeat checks and gain unauthorized acce...

9.8CVSS5.9AI score0.00537EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 7 : kde-settings-19-23.9.el7, kde-workspace-4.11.19-13.el7, kdelibs-4.14.8-10.el7, kmag-4.10.5-4.el7, virtuoso-opensource-6.1.6-7.el7 (AXSA:2019-4210:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4210:01 advisory. kde-workspace: Missing sanitization of notifications allows to leak client IP address via IMG element CVE-2018-6790 Tenable has extracted the preceding...

5.3CVSS5.6AI score0.02127EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:44 p.m.9 views

CVE-2005-1716

TOPo 2.2 2.2.178 stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses...

5CVSS6.6AI score0.01548EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.10 views

CVE-2023-4279

This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...

7.5CVSS6.6AI score0.0086EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.10 views

CVE-2023-4281

This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...

5.3CVSS6.6AI score0.00627EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:1 p.m.8 views

CVE-2018-19510

subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header...

9.8CVSS7.9AI score0.19992EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:44 a.m.9 views

CVE-2010-0384

Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in opportunistic circumstances by reading log...

2.1CVSS6.5AI score0.00351EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/05 12:0 a.m.31 views

CVE-2025-65328

Mega-Fence webgate-lib. 25.1.914 and prior trusts the first value of the X-Forwarded-For XFF header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant...

0.00227EPSS
Exploits1References2
Hacker One
Hacker One
added 2025/12/22 7:14 p.m.22 views

curl: HAProxy Connection Reuse leads to IP Spoofing and mTLS Context Smuggling

Executive Summary libcurl fails to respect the CURLOPTHAPROXYCLIENTIP configuration when reusing existing connections. Due to a missing check in the connection pooling logic, libcurl indiscriminately reuses a TCP/TLS connection established with a specific identity IP A for subsequent requests...

6.4AI score
Exploits0
NVD
NVD
added 2025/12/15 8:15 p.m.5 views

CVE-2025-36360

IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefl...

5CVSS0.00165EPSS
Exploits0References1
OSV
OSV
added 2025/12/15 8:15 p.m.10 views

CVE-2025-36360

IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefl...

5CVSS5.7AI score0.00165EPSS
Exploits0References1
Snyk
Snyk
added 2025/12/05 6:42 p.m.6 views

Improper Output Neutralization for Logs

Overview Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the unconditional acceptance of attacker-supplied HTTP headers in the getclientip function. An attacker can manipulate server-visible metadata, logs, and authorization decisions by supplying...

6.9CVSS6.9AI score0.0024EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/05 6:20 p.m.25 views

CVE-2025-66577 cpp-httplib Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X-Forwarded-For or X-Real-IP headers which...

5.3CVSS0.0024EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.6 views

PT-2025-47024

Name of the Vulnerable Software and Affected Versions Screen SFT DAB 600/C firmware versions up to and including 1.9.3 Description The Screen SFT DAB 600/C firmware has an issue with access control on the user management API. Unauthenticated requests can retrieve structured user data, including...

6.9CVSS6.4AI score0.00339EPSS
Exploits2References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-18537

Malware in sbrugna...

5.3CVSS5.3AI score0.02127EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-7826

Malware in sbrugna...

4.3CVSS4.8AI score0.02355EPSS
Exploits2References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2005-1718

Malware in sbrugna...

5CVSS6.4AI score0.01548EPSS
Exploits1References5
Rows per page
Query Builder