Lucene search
K

65 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-46592

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName and operationNamespace Exchange header, whose constant values...

6AI score0.00396EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-41836

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName and operationNamespace Exchange header, whose constant values...

7.5CVSS6AI score0.00396EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-46584

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

6AI score0.00378EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/15 9:17 p.m.7 views

CVE-2026-47825

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x fix 3.1.13. Spring Cloud Gateway 4.1.x fix 4.1.13. Spri...

8.6CVSS0.00139EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 8:46 p.m.4 views

GHSA-5W86-C3RQ-VJJ7 Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length

Summary RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken from the wire before the corresponding child messages exist. A small malicious header can claim a huge initial capacity. Details The...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/11 12:0 a.m.8 views

Use of Less Trusted Source

Overview Affected versions of this package are vulnerable to Use of Less Trusted Source. Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded request headers it receives from untrusted proxies to downstream services. Both the WebFlux and WebMVC Gateway Servers process these...

8.6CVSS5.4AI score0.00139EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 1:13 p.m.7 views

GHSA-J8H8-75H3-JG53 Fleet has a rate limiting bypass via untrusted client IP headers

Impact Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and bypass per-IP rate limiting controls. Fleet determines a client’s public IP address using HTT...

6.9CVSS6.6AI score0.0043EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/30 12:0 a.m.63 views

CVE-2026-40685

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping...

6.5CVSS0.00321EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.4 views

CVE-2026-40685

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping...

6.5CVSS5.1AI score0.00321EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/04/30 12:0 a.m.3 views

CVE-2026-40685

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping...

9.8CVSS5.8AI score0.00321EPSS
Exploits0
OSV
OSV
added 2026/03/25 7:54 p.m.10 views

GHSA-8P2X-5CPM-QRQW AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr()

Summary The getRealIpAddr function in objects/functions.php trusts user-controlled HTTP headers to determine the client's IP address. An attacker can spoof their IP address by sending forged headers, bypassing any IP-based access controls or audit logging. Vulnerable Code File:...

5.3CVSS5.9AI score0.00175EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/25 7:54 p.m.6 views

AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr()

Summary The getRealIpAddr function in objects/functions.php trusts user-controlled HTTP headers to determine the client's IP address. An attacker can spoof their IP address by sending forged headers, bypassing any IP-based access controls or audit logging. Vulnerable Code File:...

5.3CVSS5.8AI score0.00175EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/23 6:45 p.m.2 views

CVE-2026-33690 AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr()

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getRealIpAddr function in objects/functions.php trusts user-controlled HTTP headers to determine the client's IP address. An attacker can spoof their IP address by sending forged headers, bypassing any IP-base...

5.3CVSS5.8AI score0.00175EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/23 6:45 p.m.21 views

CVE-2026-33690 AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr()

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getRealIpAddr function in objects/functions.php trusts user-controlled HTTP headers to determine the client's IP address. An attacker can spoof their IP address by sending forged headers, bypassing any IP-base...

5.3CVSS0.00175EPSS
Exploits1References2
CVE
CVE
added 2026/03/23 6:45 p.m.13 views

CVE-2026-33690

WWBN AVideo (open source video platform) versions up to 26.0 contain a vulnerability in getRealIpAddr() in objects/functions.php that trusts user-controlled HTTP headers to derive the client IP. An attacker can spoof their IP by sending forged headers, potentially bypassing IP-based access contro...

5.3CVSS5.8AI score0.00175EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/18 10:1 a.m.4 views

OPENSUSE-SU-2026:20384-1 Security update for libsoup

This update for libsoup fixes the following issues: Update to libsoup 3.6.6: - CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion bsc1252555. - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy bsc1254876. - CVE-2025-32049:...

9.1CVSS7AI score0.00821EPSS
Exploits2References18
ATTACKERKB
ATTACKERKB
added 2026/03/13 1:18 a.m.1 views

CVE-2026-22201

wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Attackers can set HTTPCLIENTIP or HTTPXFORWARDEDFOR headers to spoof their IP address and circumvent...

6.9CVSS5.8AI score0.00152EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.5 views

WordPress plugin wpDiscuz 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

6.9CVSS5.8AI score0.00152EPSS
Exploits0References3
OSV
OSV
added 2026/03/05 9:59 p.m.5 views

CVE-2026-28465 OpenClaw voice-call < 2026.2.3 - Webhook Verification Bypass via Forwarded Headers

OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authentication vulnerability in webhook verification that allows remote attackers to bypass verification by supplying untrusted forwarded headers. Attackers can spoof webhook events by manipulating Forwarded or X-Forwarded-...

8.2CVSS6AI score0.00374EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

OpenClaw 数据伪造问题漏洞

OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.3 had a data manipulation vulnerability. This vulnerability stemmed from improper authentication in webhook verification, which could allow remote attackers to bypass the verification by using...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References3
Rows per page
Query Builder