PT-2026-47605

Name of the Vulnerable Software and Affected Versions Netty ionettyincubatorcodecquic affected versions not specified Description The NoQuicTokenHandler component fails to properly validate tokens when no specific token handler is set by the application. Specifically, the validateToken function...

PT-2026-24249

An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters...

CVE-2025-71057

The CVE relates to an improper session management flaw in the D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 , enabling an attacker to perform a session hijack by spoofing the IP address of an authenticated user. The description specifies the affected device and the attack vector but p...

CVE-2025-71056

Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user...

CVE-2025-65328

Mega-Fence webgate-lib. 25.1.914 and prior trusts the first value of the X-Forwarded-For XFF header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant...

CVE-2025-69203

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability enable convincing social engineering attacks against...

CVE-2025-69203

CVE-2025-69203 concerns Signal K Server

CVE-2025-69203 Signal K Server Vulnerable to Access Request Spoofing

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability enable convincing social engineering attacks against...

EUVD-2025-25812

Malicious code in bioql PyPI...

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

...

PT-2025-9671

Name of the Vulnerable Software and Affected Versions Firefox for iOS versions prior to 136 Description The issue allows malicious websites to utilize a server-side redirect to an internal error page, resulting in a spoofed website URL. Recommendations For Firefox for iOS versions prior to 136,...

OESA-2024-2273 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: QUIC in HAProxy...

CVE-2024-49214

A flaw was found in HAProxy's QUIC listener. This vulnerability can allow an attacker to bypass the IP allow/block list via a spoofed IP address in a 0-RTT session. The attacker could exploit this by obtaining a TLS session ticket using their real IP, then initiating a 0-RTT session with a spoofe...

DEBIAN-CVE-2024-49214

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality...

AZL-50333 CVE-2024-49214 affecting package haproxy for versions less than 2.4.24-1

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality...

CVE-2024-45397

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

CVE-2024-45397

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

Updated sendmail packages fix security vulnerability

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

RHEL 5 : ntp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution...

TTLock Security Vulnerability

TTLock is a smart lock. A security vulnerability exists in the TTLock App that stems from not having proper authentication procedures in place to ensure proper device communication, resulting in an attacker being able to connect to a device with a spoofed MAC address, leading to a compromise of t...