25 matches found
EUVD-2026-30416
Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against Fleet instances...
EUVD-2026-14500
AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr...
CVE-2025-71056
The CVE-2025-71056 entry concerns GCOM EPON 1GE ONU, version C00R371V00B01, with improper session management that allows session hijacking by spoofing the IP address of an authenticated user. The connected sources (NVD/CVE records) confirm the vulnerability description but do not provide specific...
CVE-2020-37056
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and...
CVE-2025-59101
CVE-2025-59101 affects the dormakaba access manager web interface. The authentication model relies on per-request IP verification after a successful login, with no traditional session state stored. This enables an attacker to spoof a logged-in user’s IP to gain access, as there is no persistent s...
Devy Mega-Fence Security Vulnerability
Devy Mega-Fence is a middleware for traffic control and online queuing from Devy Korea. A security vulnerability exists in Devy Mega-Fence versions 25.1.914 and earlier, which stems from trusting the X-Forwarded-For header value and could lead to client-side IP spoofing...
CVE-2025-69203
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability enable convincing social engineering attacks against...
1Panel Security Vulnerability
1Panel is an open source Linux server operations and management panel for the Chinese 1Panel community. A security vulnerability exists in 1Panel version 2.0.14 and earlier, which stems from trusting all proxy IPs and could lead to IP spoofing and security control bypass...
PT-2025-49336
The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handle enqueue only function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2021-3772
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the...
CVE-2022-4529
The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can...
WordPress S.A.F plugin <= 2.3.5 - IP Address Spoofing to Protection Mechanism Bypass vulnerability
IP Address Spoofing to Protection Mechanism Bypass vulnerability discovered by rezaduty in WordPress Plugin S.A.F versions <= 2.3.5...
typecho Security Vulnerability
typecho is a PHP blogging platform for typecho individual developers. It is simple and powerful. A security vulnerability exists in typecho 1.3.0 and earlier versions, which stems from the inclusion of a client-side IP spoofing vulnerability that allows an attacker to spoof the IP address of an...
WordPress plugin Unlimited Elements For Elementor Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
JumpServer Security Vulnerability
JumpServer is an open source bastion machine from Hangzhou Feizhiyun Information Technology Co. in China. A security vulnerability exists in JumpServer versions prior to 3.8.0 that stems from allowing an attacker to bypass password brute force protection by spoofing arbitrary IP addresses...
CVE-2022-1601
The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations...
WordPress plugin Brizy Page Builder Data Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
SUSE CVE-2005-1519
Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups...
CVE-2022-4098
Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by...
Wiesemann & Theis Com-Server Family Security Vulnerability
The Wiesemann & Theis Com-Server Family is a family of serial device servers from Wiesemann & Theis, Germany. A security vulnerability exists in the Wiesemann & Theis Com-Server Family that stems from the ease of bypassing authentication via IP spoofing, where an unauthenticated attacker on the...