147 matches found
CVE-2025-7353
A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow...
CVE-2025-38501 ksmbd: limit repeated connections from clients with the same IP
In the Linux kernel, the following vulnerability has been resolved: ksmbd: limit repeated connections from clients with the same IP Repeated connections from clients with the same IP address may exhaust the max connections and prevent other normal client connections. This patch limit repeated...
CVE-2025-7353 Rockwell Automation ControlLogix® Ethernet Remote Code Execution Vulnerability
A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow...
SUSE CVE-2025-49134
Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched in version 5.12...
QUIC certificate check skip with wolfSSL
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...
CVE-2023-0347
The Akuvox E11 Media Access Control MAC address, a primary identifier, combined with the Akuvox E11 IP address, could allow an attacker to identify the device on the Akuvox cloud...
DRUPAL-CONTRIB-2025-047
The Restrict route by IP module provides an interface to manage route restriction by IP address. The module doesn't sufficiently protect certain routes from CSRF attacks. This vulnerability is mitigated by the fact that you need to know the route machine name...
The vulnerability of the IP address verification mechanism in the Brocade Fabric OS operating system allows a hacker to execute arbitrary code with root privileges.
The vulnerability of the IP address verification mechanism in the Brocade Fabric OS operating system is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges...
Private Data Structure Returned From A Public Method
Overview Affected versions of this package are vulnerable to Private Data Structure Returned From A Public Method. When a user accesses an externally referenced image, the provider of the image may obtain private information about the IP address of that accessing user. Remediation Upgrade...
Apache Answer 安全漏洞
Apache Answer is a community platform of the Apache USA Foundation. An information disclosure vulnerability exists in Apache Answer 1.4.2 and earlier versions, which stems from a public method returning a private data structure, and can be exploited by an attacker to cause IP address disclosure...
Contec Health CMS8000 Patient Monitor 安全漏洞
The Contec Health CMS8000 Patient Monitor is a vital signs patient monitor from Contec Japan. A security vulnerability exists in the Contec Health CMS8000 Patient Monitor that stems from an update binary that attempts to install to a hard-coded routable IP address, thereby bypassing existing devi...
CVE-2025-0743
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint "/embedai/visits/show/" to obtain information about the visits made by other users. The information provided by this endpoint includes IP...
Apple iOS和iPadOS 安全漏洞
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in Apple iOS prior to 18.2 and iPadOS prior to 18.2, which stems from the fac...
The vulnerability of the “Allow Direct Connections” function in remote access and management software like AnyDesk allows a hacker to disclose protected information about the target system’s IP address.
The vulnerability of the “Allow Direct Connections” function in the remote access and management software AnyDesk is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information about the target system’s IP...
PT-2024-34316 · Unknown · Show Visitor Ip Address
Name of the Vulnerable Software and Affected Versions: Show Visitor IP Address versions 0.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This means an attacker can inject malicious...
The vulnerability of the Orchid Platform, related to the use of dangerous methods or functions, allows a hacker to obtain the server’s IP address.
The vulnerability of the Orchid Platform is related to the use of dangerous methods or functions. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain the server’s IP address through a brute-force attack...
PT-2024-7691 · Haproxy +2 · Haproxy +2
Name of the Vulnerable Software and Affected Versions: HAProxy versions 2.9.x through 2.9.10 HAProxy versions 3.0.x through 3.0.4 HAProxy versions 3.1.x through 3.1-dev6 Description: The issue allows an attacker to open a 0-RTT session with a spoofed IP address, bypassing the IP allow/block list...
kernel: netfilter: tproxy: bail out if IP has been disabled on the device
In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 1 PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range...
Malicious code in google-play-store (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b0f8bc12f61546bde84dd1d7a64519fcdc55ce875b71f3d8d848d2d5daa2248d This is a copy of https://pypi.org/project/play-scraper/ with added a very questionable "telemetry": in scraper.py, L90 sends the user hostname, IP and the exa...
CLSA-2024-1727374287 python3.9: Fix of CVE-2024-4032
CVE-2024-4032: fix missing and incorrect ip address ranges in privatenetwork variables...