Lucene search
K

4 matches found

Hacker One
Hacker One
added 2026/05/16 9:24 p.m.120 views

curl: Connection reuse ignores haproxyprotocol and HAPROXY_CLIENT_IP settings, allowing PROXY context to persist across transfers

Summary: libcurl's connection pool match logic does not include the CURLOPTHAPROXYPROTOCOL setting or the CURLOPTHAPROXYCLIENTIP value in its connection match key. Two transfers issued through the same Curleasy or via a shared connection cache CURLLOCKDATACONNECT therefore share one TCP connectio...

7.5CVSS7AI score0.00715EPSS
Exploits9
CVE
CVE
added 2026/05/14 7:3 p.m.39 views

CVE-2026-46356

Fleet (open-source device management) before v4.80.1 is vulnerable: an IP extraction flaw lets unauthenticated attackers bypass per-IP rate limits by rotating headers like True-Client-IP, X-Real-IP, or X-Forwarded-For, enabling brute-force or credential stuffing on exposed instances. Root cause: ...

7.5CVSS5.8AI score0.00276EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/01 6:37 p.m.5 views

CVE-2025-69203 Signal K Server Vulnerable to Access Request Spoofing

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability enable convincing social engineering attacks against...

6.3CVSS5.8AI score0.00272EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:22 a.m.5 views

SUSE CVE-2022-46169

Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data...

9.8CVSS10AI score0.99826EPSS
Exploits48References4
Rows per page
Query Builder