Lucene search
K

17 matches found

OSV
OSV
added 2 days ago2 views

GHSA-7CFM-PQRJ-XGQ7 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header

Summary The 9router dashboard login rate limiter derives the client identity from the attacker-controlled X-Forwarded-For HTTP header. When 9router is directly exposed, or deployed behind a reverse proxy that does not overwrite untrusted forwarding headers, a remote attacker can rotate the...

7.3CVSS6AI score
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Better Auth 安全漏洞

Better Auth is an open-source TypeScript framework for authentication. Versions of Better Auth prior to 1.4.17 and 1.5.0-beta.9 contained security vulnerabilities. These vulnerabilities stemmed from the HTTP rate limiter, which keyed each request based on the exact text IP address in the...

7.3CVSS5.8AI score0.00295EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.4 views

CVE-2026-33640

Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users not associated with an Identity Provider. Starting in version 0.86.0 and prior to version 1.6.0, Outline does not invalidate OTP codes based on amount or frequency of invalid...

9.8CVSS5.9AI score0.00468EPSS
Exploits1References1
NVD
NVD
added 2026/03/26 9:17 p.m.2 views

CVE-2026-33640

Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users not associated with an Identity Provider. Starting in version 0.86.0 and prior to version 1.6.0, Outline does not invalidate OTP codes based on amount or frequency of invalid...

9.8CVSS0.00468EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/26 8:56 p.m.4 views

EUVD-2026-16415

Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users not associated with an Identity Provider. Starting in version 0.86.0 and prior to version 1.6.0, Outline does not invalidate OTP codes based on amount or frequency of invalid...

9.1CVSS5.9AI score0.00468EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/26 8:56 p.m.26 views

CVE-2026-33640 Outline has a rate limit bypass that allows brute force of email login OTP

Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users not associated with an Identity Provider. Starting in version 0.86.0 and prior to version 1.6.0, Outline does not invalidate OTP codes based on amount or frequency of invalid...

9.1CVSS0.00468EPSS
Exploits1References2
OSV
OSV
added 2026/03/26 8:56 p.m.2 views

CVE-2026-33640 Outline has a rate limit bypass that allows brute force of email login OTP

Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users not associated with an Identity Provider. Starting in version 0.86.0 and prior to version 1.6.0, Outline does not invalidate OTP codes based on amount or frequency of invalid...

9.1CVSS5.9AI score0.00468EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.9 views

PT-2026-28503

Name of the Vulnerable Software and Affected Versions Outline versions 0.86.0 through 1.5.9 Description Outline is a service that allows for collaborative documentation. It uses an Email OTP login flow for users not associated with an Identity Provider. Versions of Outline between 0.86.0 and 1.5....

9.1CVSS5.9AI score0.00468EPSS
Exploits1References6
OSV
OSV
added 2026/03/03 10:27 p.m.3 views

CVE-2026-27981 HomeBox has an Auth Rate Limit Bypass via IP Spoofing

HomeBox is a home inventory and organization system. Prior to 0.24.0, the authentication rate limiter authRateLimiter tracks failed attempts per client IP. It determines the client IP by reading, 1. X-Real-IP header, 2. First entry of X-Forwarded-For header, and 3. r.RemoteAddr TCP connection...

7.4CVSS5.8AI score0.00262EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.5 views

PT-2025-47523

Name of the Vulnerable Software and Affected Versions FileCodeBox versions up to 2.2 Description A flaw exists in the IPRateLimit implementation of FileCodeBox. This allows remote attackers to circumvent ip-based rate limit protection and failed attempt restrictions by manipulating the X-Real-IP...

6.4AI score0.0036EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:44 a.m.6 views

CVE-2024-52796

Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially...

5.3CVSS6.2AI score0.00522EPSS
Exploits0References1
OSV
OSV
added 2025/01/28 10:15 a.m.4 views

CVE-2025-0752

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy...

7.1CVSS5.7AI score0.00396EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/28 12:0 a.m.4 views

Red Hat OpenShift Service Mesh 环境问题漏洞

Red Hat OpenShift Service Mesh is a suite of platforms for connecting, managing, and monitoring microservices-based applications from Red Hat USA. An environment issue vulnerability exists in Red Hat OpenShift Service Mesh versions 2.6.3 and 2.5.6, which stems from incorrect HTTP header handling ...

6.3CVSS6.6AI score0.00396EPSS
Exploits0References2
Snyk
Snyk
added 2024/11/21 9:21 p.m.1 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a bypass of the rate limiter, by forging proxy headers. An attacker can send unlimited traffic to the site. Note: See this documentation, if the IP address of a remote proxy needs to be authorized. Workaroun...

6.9CVSS7.1AI score0.00522EPSS
Exploits0References2
NVD
NVD
added 2024/11/20 5:15 p.m.7 views

CVE-2024-52796

Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially...

5.3CVSS0.00522EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/20 4:15 p.m.13 views

CVE-2024-52796 Password Pusher's rate limiter can be bypassed by forging proxy headers

Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially...

5.3CVSS5.2AI score0.00522EPSS
Exploits0References3
CVE
CVE
added 2024/11/20 4:15 p.m.50 views

CVE-2024-52796

CVE-2024-52796 affects Password Pusher (open source web app). In versions before v1.49.0, the configurable rate limiter could be bypassed by forging proxy headers, allowing an attacker to send unlimited traffic and potentially cause a denial of service. The fix in v1.49.0 restricts proxy authoriz...

5.3CVSS5.1AI score0.00522EPSS
Exploits0References3
Rows per page
Query Builder