EUVD-2026-28944

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...

EUVD-2022-35263

Malicious code in bioql PyPI...

InstantCMS 代码问题漏洞

InstantCMS is a free and open source content management system. A security vulnerability exists in InstantCMS 2.17.3 and earlier versions, which stems from the package parameter in the installer function not effectively filtering user input. The vulnerability can be exploited by an attacker to sc...

CVE-2024-51992 Method Exposure Vulnerability in Modals in orchid/platform

Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue CWE-749: Exposed Dangerous Method or Function in the Orchid Platform’s asynchronous modal functionality, affecti...

CVE-2022-31196 Server-Side Request Forgery (SSRF) vulnerability in Databasir

Databasir is a database metadata management platform. Databasir = 1.06 has Server-Side Request Forgery SSRF vulnerability. The SSRF is triggered by a sending a single HTTP POST request to create a databaseType. By supplying a jdbcDriverFileUrl that returns a non 200 response code, the url is...

CVE-2022-30049

A Server-Side Request Forgery SSRF in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...

Researcher Claims Hotspot Shield VPN Service Exposes You on the Internet

Virtual Private Network VPN is one of the best solutions you can have to protect your privacy and data on the Internet, but you should be more vigilant while choosing a VPN service which truly respects your privacy. If you are using the popular VPN service Hotspot Shield for online anonymity and...

Warning: Critical Tor Browser Vulnerability Leaks Users’ Real IP Address—Update Now

If you follow us on Twitter, you must be aware that since yesterday we have been warning Mac and Linux users of the Tor anonymity browser about a critical vulnerability that could leak their real IP addresses to potential attackers when they visit certain types of web pages. Discovered by Italian...

CVE-2008-6601

Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to obtain the real IP address of users via unknown vectors...

CVE-2008-6601

Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to obtain the real IP address of users via unknown vectors...

CVE-2002-0209

Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing SLB and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the...

Alteon AceDirector - Half-Closed HTTP Request IP Address Revealing

source: https://www.securityfocus.com/bid/3964/info Alteon ACEdirector is a hardware solution distributed by Nortel Networks. ACEdirector runs the Nortel WebOS operating system. It is possible to retrieve the real IP addresses of webservers that are managed by an ACEdirector. When a client is...

Alteon AceDirector - Half-Closed HTTP Request IP Address Revealing

Alteon AceDirector - Half-Closed HTTP Request IP Address Revealing source: https://www.securityfocus.com/bid/3964/info Alteon ACEdirector is a hardware solution distributed by Nortel Networks. ACEdirector runs the Nortel WebOS operating system. It is possible to retrieve the real IP addresses of...