Lucene search
+L

7 matches found

Tenable Nessus
Tenable Nessus
added 3 days ago10 views

Linux Distros Unpatched Vulnerability : CVE-2026-47737

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, Puma is vulnerable to source IP spoofing when setremoteaddress...

7.5CVSS5.4AI score0.00177EPSS
Exploits0References3
OSV
OSV
added 2026/05/15 8:50 a.m.9 views

BIT-NGINX-GATEWAY-2026-40460 NGINX ngx_quic_module vulnerability

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.8AI score0.00367EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/14 3:1 a.m.16 views

SUSE CVE-2026-40460

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.8AI score0.00367EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/03 5:31 p.m.17 views

RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers

Summary IP-based access control can be bypassed: getconditionvalues trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy IP-allowlist policies. Details - Vulnerable code: rustfs/src/auth.rs:289-304 sets...

8.7CVSS5.5AI score0.00211EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2007-1392

Malware in sbrugna...

6.8CVSS6.1AI score0.01864EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 5:50 a.m.7 views

SUSE CVE-2011-4138

The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitra...

5CVSS7AI score0.02341EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/02/27 12:0 a.m.46 views

Debian DLA-835-1 : cakephp security update

Dawid Golunski from legalhackers.com discovered that cakephp, an application development framework for PHP, contains a vulnerability that allows attackers to spoof the source IP address. It would allow them to bypass access control lists, or the injection of malicious data which, if treated as...

7.5CVSS7.8AI score0.05146EPSS
Exploits2References3
Rows per page
Query Builder