Lucene search
K

4 matches found

OSV
OSV
added 2025/12/05 6:20 p.m.4 views

CVE-2025-66577 cpp-httplib Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X-Forwarded-For or X-Real-IP headers which...

5.3CVSS6.7AI score0.0024EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/01/30 12:0 a.m.6 views

CVE-2023-51982

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...

7.5AI score0.00731EPSS
Exploits1References1
Prion
Prion
added 2019/06/30 3:15 p.m.18 views

Command injection

OS command injection vulnerability in driverssynoimportuser.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header...

7.5CVSS9.8AI score0.02249EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/06/30 3:5 p.m.26 views

CVE-2019-11829

OS command injection vulnerability in driverssynoimportuser.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header...

7.3CVSS9.9AI score0.02249EPSS
Exploits0References1
Rows per page
Query Builder