Lucene search
+L

46 matches found

Snyk
Snyk
added 2026/07/02 1:50 p.m.4 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the BalancerForward process. An attacker can manipulate upstream IP-based logic, such as rate limiting, access control, and audit logging, by injecting a spoofed X-Real-IP header value in requests. Remediation The...

6.9CVSS6AI score0.00463EPSS
Exploits1References2
NVD
NVD
added 2026/06/10 4:17 p.m.19 views

CVE-2026-48860

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

7.5CVSS0.00194EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/22 1:6 p.m.13 views

CVE-2026-43617

A flaw was found in rsync. When an rsync daemon is configured with "daemon chroot = /X" and uses hostname-based access control lists ACLs, and the chrooted directory /X lacks necessary DNS resolution files, a remote attacker can bypass hostname-based deny rules. This occurs because the daemon...

6.3CVSS5.8AI score0.00282EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.9 views

CVE-2026-40435 BIG-IP httpd access control vulnerability

When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.8AI score0.00228EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.21 views

PT-2026-40647

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 Description IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Recommendations Update to version...

6.9CVSS5.8AI score0.00228EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.5 views

CVE-2026-4252

A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function checkisipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is publicly available and mig...

10CVSS7AI score0.0126EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/23 6:45 p.m.2 views

CVE-2026-33690 AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr()

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getRealIpAddr function in objects/functions.php trusts user-controlled HTTP headers to determine the client's IP address. An attacker can spoof their IP address by sending forged headers, bypassing any IP-base...

5.3CVSS5.8AI score0.00175EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.10 views

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities allow attackers to simulate gateways using address-based...

4.3CVSS5.8AI score0.00147EPSS
Exploits0References2
NVD
NVD
added 2026/02/27 1:16 a.m.12 views

CVE-2021-4456

Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions addr2cidr and cidrlookup may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker ma...

6.5CVSS0.00322EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.12 views

Hono 数据伪造问题漏洞

Hono is a web framework built in TypeScript for the Hono community. Versions 4.12.0 and 4.12.1 of Hono contain a data manipulation vulnerability. This vulnerability arises from the use of the AWS Lambda adapter after an application load balancer. In this context, the getConnInfo function...

8.2CVSS5.7AI score0.00244EPSS
Exploits0References3
OSV
OSV
added 2025/12/12 12:30 p.m.6 views

GHSA-Q37J-3367-FWV7 Apache HugeGraph-Server: RAFT and deserialization vulnerability

A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...

9.3CVSS8.6AI score0.00805EPSS
Exploits0References5
NVD
NVD
added 2025/12/12 10:15 a.m.23 views

CVE-2025-26866

A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...

8.8CVSS0.00805EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/12 9:23 a.m.6 views

EUVD-2025-203068

A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...

8.8CVSS8.1AI score0.00805EPSS
Exploits0References4
OSV
OSV
added 2025/12/12 9:23 a.m.5 views

CVE-2025-26866 Apache HugeGraph-Server: RAFT and deserialization vulnerability

A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...

8.8CVSS6.6AI score0.00805EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2025/09/10 12:0 a.m.5 views

Phishing Webpage Detection: Unveiling the Threat Landscape and Investigating Detection Techniques

In the realm of cybersecurity, phishing stands as a prevalent cyber attack, where attackers employ various tactics to deceive users into gathering their sensitive information, potentially leading to identity theft or financial gain. Researchers have been actively working on advancing phishing...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-29662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in som...

7.5CVSS7AI score0.02219EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-2408

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain...

5.3CVSS5.4AI score0.00323EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2016-6624

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server...

5.9CVSS7.2AI score0.02025EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/06/25 4:46 p.m.4 views

CVE-2025-52576

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine vali...

5.3CVSS5.4AI score0.00299EPSS
Exploits0
OSV
OSV
added 2025/05/01 8:15 p.m.5 views

CVE-2025-46627

Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address...

8.2CVSS5.8AI score0.00357EPSS
Exploits1References2
Rows per page
Query Builder