
5 matches found

Source: Snyk
added 2026/05/14 9:22 p.m., 5 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

CVSS 6.9 | AI score 5.7 | EPSS 0.0043
Exploits: 0 | References: 2

Source: CVE
added 2026/05/14 7:3 p.m., 38 views

CVE-2026-46356

Fleet (open-source device management) before v4.80.1 is vulnerable: an IP extraction flaw lets unauthenticated attackers bypass per-IP rate limits by rotating headers like True-Client-IP, X-Real-IP, or X-Forwarded-For, enabling brute-force or credential stuffing on exposed instances. Root cause: ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00276
Exploits: 0 | References: 2 | Affected Software: 1

Source: CVE
added 2026/02/25 4:47 p.m., 85 views

CVE-2026-27739

CVE-2026-27739 affects Angular SSR, with an SSRF vulnerability in the request handling pipeline. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 allow unvalidated Host and X-Forwarded-* headers to influence base-origin URL construction, enabling arbitrary internal request steering via...

CVSS 9.2 | AI score 5.8 | EPSS 0.00497
Exploits: 1 | References: 4

Source: NVD
added 2026/02/12 2:16 p.m., 7 views

CVE-2026-1320

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 7.2 | EPSS 0.00257
Exploits: 0 | References: 2

Source: CVE
added 2025/12/08 11:50 p.m., 21 views

CVE-2025-66204

WBCE CMS 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the password-guess counter by manipulating the X-Forwarded-For header on every request. The application fully trusts X-Forwarded-For without validation or restriction, effectively allowing unlimited p...

CVSS 8.1 | AI score 6.6 | EPSS 0.00402
Exploits: 2 | References: 3 | Affected Software: 1