15 matches found
CVE-2026-42223
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler (api/settings/settings.go:24-65) serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag...
PT-2026-29092
Name of the Vulnerable Software and Affected Versions: Nginx UI versions prior to 2.3.6 Description: An authentication bypass exists in the Model Context Protocol (MCP) integration of Nginx UI. The software exposes two HTTP endpoints: '/mcp' and '/mcp message'. While '/mcp' requires both IP...
EUVD-2026-2029
n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured...
n8n: Webhook Node IP Whitelist Bypass via Partial String Matching
Impact: The Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured whitelist entry as a substring. This issue affected instances where...
PT-2024-17911 · Unknown · Electronic Official Document Management System
Name of the Vulnerable Software and Affected Versions: Electronic Official Document Management System affected versions not specified Description: The Electronic Official Document Management System has an Authentication Bypass issue. Although the product enforces an IP whitelist for the API used ...
Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan < 4.52 - Missing Authorization to Unauthenticated IP Address Whitelist
Description: The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihackeraddwhitelist function in all versions up to, and including, 4.51...
Authorization Bypass
nilsteampassnet/teampass is vulnerable to authorization bypass. Sending an X-Forwarded-For client HTTP header to the getIp function allows any users with a valid API token to bypass IP address whitelist restrictions...
GHSA-FV48-HJHP-94C7 Incorrect Authorization in TeamPass
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function...
Incorrect Authorization in TeamPass
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function...
A vulnerability in the web administration panel of the firmware for Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 allows an attacker to add IP addresses to a white list.
The vulnerability in the web-based administration panel of the firmware for Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 lies in insufficient verification of input parameters. Exploiting this vulnerability allows an attacker to add IP addresses to a white list using the...
CVE-2020-12477
The vulnerability CVE-2020-12477 affects TeamPass 2.1.27.36: the REST API allows any user with a valid API token to bypass IP address whitelisting by manipulating the X-Forwarded-For header when calling the getIp function. Multiple connected sources (Red Hat, Veracode, OSV, CNVD/CNVD-2020-27440, ...
JetBrains YouTrack Input Validation Error Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. An input validation error vulnerability exists in JetBrains YouTrack. An attacker could...
Newphoria applican framework authentication bypass vulnerability
Newphoria applican framework for Android and iOS is an application development framework for the Android and iOS platforms from Newphoria, Japan. An authentication bypass vulnerability exists in Newphoria applican framework. This allows attackers to bypass the whitelist.xml URL whitelist...
NTT Broadband Platform Japan Connected-free Wi-Fi Application Security Bypass Vulnerability
NTT Broadband Platform Japan Connected-free Wi-Fi application for Android and iOS is a suite of Android and iOS-based applications from NTT Broadband Platform Japan for finding and automatically connecting to nearby free Wi-Fi in Japan. free Wi-Fi application for Android and iOS by NTT Broadband...
Huawei SmartAX MT880 - Multiple CSRF Vulnerabilities
No description provided by source. Description: Huawei MT880 is a device offered by the Algerian telecom operator - FAWRI, to provide an ADSL Internet connection, and it is already widely in use. Overview: Huawei MT880 firmware and its default configuration have flaws, which allow LAN users to gain...