
6 matches found

CVE
added 2026/02/14 4:35 a.m. | 16 views

CVE-2026-0692

The CVE-2026-0692 entry concerns the BlueSnap Payment Gateway for WooCommerce WordPress plugin. Affected component: the plugin (up to version 3.3.0). Root cause: it validates IPN requests by relying on WooCommerce’s WC_Geolocation::get_ip_address(), which trusts user-controllable headers (e.g., X...

CVSS 7.5 | AI score 5.9 | EPSS 0.00281
Exploits 0 | References 3
Github Security Blog
added 2026/02/03 5:31 p.m. | 12 views

RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers

Summary IP-based access control can be bypassed: getconditionvalues trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy IP-allowlist policies. Details - Vulnerable code: rustfs/src/auth.rs:289-304 sets...

CVSS 8.7 | AI score 5.5 | EPSS 0.00211
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2026/02/03 4:06 p.m. | 29 views

CVE-2026-21862 RustFS sourceIp bypass via spoofed X-Forwarded-For/Real-IP headers

RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: getconditionvalues trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy...

CVSS 8.7 | EPSS 0.00211
Exploits 0 | References 1
Positive Technologies
added 2026/01/05 12:00 a.m. | 5 views

PT-2026-1292

Name of the Vulnerable Software and Affected Versions Mega-Fence versions 25.1.914 and prior Description The software does not validate a trusted proxy chain when using the X-Forwarded-For XFF header to determine the client IP address. An attacker can manipulate the XFF header to spoof the client...

CVSS 6.5 | AI score 6.5 | EPSS 0.00227
Exploits 1 | References 7
Tenable Nessus
added 2022/06/04 12:00 a.m. | 31 views

FreeBSD : Gitlab -- multiple vulnerabilities (f414d69f-e43d-11ec-9ea4-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f414d69f-e43d-11ec-9ea4-001b217b3468 advisory. - Gitlab reports: Account take over via SCIM email change Stored XSS in Jira integration Quick...

CVSS 9.9 | AI score 6.7 | EPSS 0.15471
Exploits 1 | References 10
FreeBSD
added 2022/06/01 12:00 a.m. | 39 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Account take over via SCIM email change Stored XSS in Jira integration Quick action commands susceptible to XSS IP allowlist bypass when using Trigger tokens IP allowlist bypass when using Project Deploy Tokens Improper authorization in the Interactive Web Terminal Subgroup member...

CVSS 9.9 | AI score 1.7 | EPSS 0.15471
Exploits 1 | References 1