147 matches found
CVE-2021-47894
CVE-2021-47894 affects Managed Switch Port Mapping Tool 2.85.2. A DoS allows an attacker to crash the application by pasting a 10,000-character buffer into the IP Address and SNMP Community Name fields, exploiting an oversized-buffer condition. The vulnerability impacts availability and is local ...
CVE-2021-47894 Managed Switch Port Mapping Tool 2.85.2 - Denial of Service
Managed Switch Port Mapping Tool 2.85.2 contains a denial of service vulnerability that allows attackers to crash the application by creating an oversized buffer. Attackers can generate a 10,000-character buffer and paste it into the IP Address and SNMP Community Name fields to trigger the...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000839)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000839 advisory. The rdsibxmit function in net/rds/ibsend.c in the Reliable Datagram Sockets RDS protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001786)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001786 advisory. The rdsibxmit function in net/rds/ibsend.c in the Reliable Datagram Sockets RDS protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to...
CVE-2025-68949 n8n has a Webhook Node IP Whitelist Bypass via Partial String Matching
n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured...
CVE-2021-31552
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP address used to create an account and not...
MAL-2025-192961 Malicious code in awsutil (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 86d4af9fafbcfb6e3789a38b426c744e4ac67da10eb1fa225be3a715189fb1c2 Dependency confusion research package with advanced module-mocking --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but also...
CVE-2025-29228
Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter...
CVE-2023-53969 Screen SFT DAB 600/C Firmware 1.9.3 Authentication Bypass Password Change
Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords...
Red Hat OpenShift 代码问题漏洞
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. A code issue vulnerability exists in Red Hat OpenShift that stems from a lack of IP address and network range validation, which could...
PT-2025-51683
HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions...
CVE-2025-11707
CVE-2025-11707 – Login Lockdown & Protection (WordPress) : A vulnerability in all versions up to and including 2.14 allows unauthenticated attackers who have access to an admin email to generate valid unblock keys for their IP, bypassing IP blocks after failed logins due to insufficient randomnes...
CVE-2021-47703
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip'...
CVE-2025-54326
An issue was discovered in Camera in Samsung Mobile Processor Exynos 1280 and 2200. Unnecessary registration of a hardware IP address in the Camera device driver can lead to a NULL pointer dereference, resulting in a denial of service...
CVE-2025-54326
An issue was discovered in Camera in Samsung Mobile Processor Exynos 1280 and 2200. Unnecessary registration of a hardware IP address in the Camera device driver can lead to a NULL pointer dereference, resulting in a denial of service...
CVE-2025-64126
An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary...
CVE-2025-64126 Zenitel TCIV-3+ OS Command Injection
An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary...
CVE-2025-12039
The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.0.5 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for...
CVE-2025-60738
An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 20250721 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters...
PT-2025-47580
An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025 07 21 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters...