CVE-2026-57942 LibreTranslate - IP Spoofing via X-Forwarded-For Header
LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the get_remote_address function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attacker...
CVE-2026-57942
LibreTranslate (up to 1.9.7) contains an IP spoofing vulnerability in get_remote_address() that allows unauthenticated attackers to spoof client IPs via X-Forwarded-For values, bypassing per-IP rate limits and enabling unlimited API abuse. Fixed in commit 397fd22. Affected: LibreTranslate; remedi...
Astra Linux – Vulnerability in golang-github-gin-gonic-gin
This affects all versions of the package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client’s IP address can be spoofed by setting the X-Forwarded-For header...
Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections
Impact: Puma is vulnerable to source IP spoofing when set_remote_address proxy_protocol: :v1 is enabled and persistent connections are used. PROXY protocol v1 is a connection-level protocol. Support was added to Puma in v5.5.0. A proxy sends one PROXY header at the beginning of a TCP connection, befo...
CVE-2026-50266
In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set device_owner to a value that begins with "network:" ("network:dhcp", for example). The default port RBAC policies incorrectly included PROJECT_MANAGER without...
Important: nginx
Issue Overview: When NGINX Plus or NGINX Open Source is configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address, allowing bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support (EoTS) are...
CVE-2026-40460
A flaw was found in NGINX Plus and NGINX Open Source when configured to use the HTTP/3 QUIC module. A remote attacker could exploit this by spoofing their source IP address. This vulnerability allows for the bypass of authorization controls or rate limiting mechanisms, potentially leading to...
CVE-2026-43634
HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header without verifying the request originated from Cloudflare's...
EUVD-2026-30935
HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header without verifying the request originated from Cloudflare's...
HestiaCP security vulnerability
HestiaCP is an open-source control panel designed for modern networks, offering a lightweight yet powerful solution. Versions 1.2.0 to 1.9.4 of HestiaCP contain security vulnerabilities. These vulnerabilities stem from an IP spoofing vulnerability, allowing unauthorized remote attackers to bypass...
BIT-NGINX-GATEWAY-2026-40460 NGINX ngx_quic_module vulnerability
When NGINX Plus or NGINX Open Source is configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address, allowing bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
BIT-NGINX-2026-40460 NGINX ngx_quic_module vulnerability
When NGINX Plus or NGINX Open Source is configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address, allowing bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2026-46356 Fleet: IP spoofing allows bypassing API rate limiting
Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against Fleet instances...
SUSE CVE-2026-40460
When NGINX Plus or NGINX Open Source is configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address, allowing bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
Linux Distros Unpatched Vulnerability : CVE-2026-40460
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - When NGINX Plus or NGINX Open Source is configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address, allowing bypass ...
CVE-2026-40460
CVE-2026-40460 affects NGINX Plus ngx_quic_module and NGINX Open Source when HTTP/3 QUIC is enabled. An attacker could spoof the source IP to bypass authorization or rate limiting, potentially enabling unauthorized access or DoS. Remediation per the connected advisory: upgrade to vulnerable-produ...
CVE-2026-40460 NGINX ngx_quic_module vulnerability
When NGINX Plus or NGINX Open Source is configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address, allowing bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2026-40460
When NGINX Plus or NGINX Open Source is configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address, allowing bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
K000161068: NGINX ngx_quic_module vulnerability CVE-2026-40460
Security Advisory Description: When NGINX Plus or NGINX Open Source is configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address, allowing bypass of authorization or bypass of rate limiting. CVE-2026-40460 Impact: This vulnerability allows a remote,...