
39 matches found

SUSE CVE
added 2026/02/27 12:24 a.m. | 3 views

SUSE CVE-2026-28295

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

CVSS 4.3 | AI score 5.8 | EPSS 0.00048
Exploits: 0 | References: 7

UbuntuCve
added 2026/02/26 4:24 p.m. | 2 views

CVE-2026-28295

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

CVSS 4.3 | AI score 5.9 | EPSS 0.00048
Exploits: 0 | References: 3

CVE
added 2026/02/26 3:33 p.m. | 9 views

CVE-2026-28295

CVE-2026-28295 affects the FTP GVfs backend. A flaw causes the client to unconditionally trust the PASV response from an FTP server, which may contain an arbitrary IP and port. The client then attempts to connect to that endpoint, enabling a malicious server to probe for open ports reachable from...

CVSS 4.3 | AI score 5.6 | EPSS 0.00048
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/26 3:33 p.m. | 6 views

CVE-2026-28295

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

CVSS 4.3 | AI score 5.6 | EPSS 0.00048
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/09 9:34 a.m. | 2 views

CVE-2024-41432

An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can...

CVSS 5.3 | AI score 7 | EPSS 0.00099
Exploits: 1 | References: 1

OSV
added 2025/10/30 3:2 p.m. | 1 view

GO-2025-4068 Slack Nebula may accept arbitrary source IP addresses in github.com/slackhq/nebula

Slack Nebula may accept arbitrary source IP addresses in github.com/slackhq/nebula...

CVSS 4.9 | AI score 7.1 | EPSS 0.00045
Exploits: 0 | References: 5

Veracode
added 2025/10/30 11:38 a.m. | 4 views

Improper Certificate Validation

Dragonfly is vulnerable to Improper Certificate Validation. The vulnerability is due to the Manager’s Certificate gRPC service not verifying whether the requested IP addresses belong to the requesting peer, which allows an attacker to obtain valid TLS certificates for arbitrary IP addresses and...

CVSS 8.7 | AI score 7.1 | EPSS 0.00056
Exploits: 1 | References: 4 | Affected Software: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2013-2137

Malware in sbrugna...

CVSS 5 | AI score 6 | EPSS 0.00828
Exploits: 0 | References: 11

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-54700

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 9.1 | EPSS 0.00633
Exploits: 0 | References: 6

Github Security Blog
added 2025/09/17 8:11 p.m. | 7 views

DragonFly's manager generates mTLS certificates for arbitrary IP addresses

Impact: A peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not validate if the requested IP addresses “belong to” the peer requesting the certificate—that is, if...

CVSS 8.7 | AI score 7.2 | EPSS 0.00056
Exploits: 1 | References: 5 | Affected Software: 2

OSV
added 2025/09/17 7:53 p.m. | 2 views

CVE-2025-59353 Manager generates mTLS certificates for arbitrary IP addresses

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not...

CVSS 8.7 | AI score 6.7 | EPSS 0.00056
Exploits: 1 | References: 4

Cvelist
added 2025/05/07 4:22 a.m. | 17 views

CVE-2025-3766 Login Lockdown & Protection <= 2.11 - Missing Authorization to Authenticated (Subscriber+) Arbitrary IP Whitelisting

The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajaxruntool function in all versions up to, and including, 2.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 5.4 | EPSS 0.00159
Exploits: 0 | References: 3

CNNVD
added 2024/04/17 12:0 a.m. | 2 views

WordPress Plugin coreActivity Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability in WordPre...

CVSS 5.3 | AI score 6 | EPSS 0.002
Exploits: 2 | References: 2

Cvelist
added 2024/02/29 3:17 p.m. | 14 views

CVE-2024-24818 EspoCRM weakness in "Forgot password"

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...

CVSS 5.9 | AI score 5.8 | EPSS 0.00127
Exploits: 1 | References: 2

Vulnrichment
added 2024/02/29 3:17 p.m. | 12 views

CVE-2024-24818 EspoCRM weakness in "Forgot password"

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...

CVSS 5.9 | AI score 6.7 | EPSS 0.00127
Exploits: 1 | References: 2

Tenable Nessus
added 2024/02/18 12:0 a.m. | 24 views

Debian dla-3734 : openvswitch-common - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3734 advisory. Debian LTS Advisory DLA-3734-1 https://www.debian.org/lts/security/...

CVSS 7.1 | AI score 6.8 | EPSS 0.0002
Exploits: 0 | References: 4

Tenable Nessus
added 2023/12/07 12:0 a.m. | 27 views

SUSE SLES15 / openSUSE 15 Security Update : openvswitch (SUSE-SU-2023:4666-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4666-1 advisory. - A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFl...

CVSS 7.1 | AI score 6.6 | EPSS 0.0002
Exploits: 0 | References: 4

Tenable Nessus
added 2023/11/28 12:0 a.m. | 31 views

SUSE SLES15 / openSUSE 15 Security Update : openvswitch (SUSE-SU-2023:4571-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4571-1 advisory. - A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFl...

CVSS 7.1 | AI score 6.6 | EPSS 0.0002
Exploits: 0 | References: 4

Debian CVE
added 2023/10/06 5:43 p.m. | 20 views

CVE-2023-5366

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to...

CVSS 7.1 | AI score 6.2 | EPSS 0.0002
Exploits: 0

AlpineLinux
added 2023/10/06 5:43 p.m. | 32 views

CVE-2023-5366

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to...

CVSS 7.1 | AI score 6.4 | EPSS 0.0002
Exploits: 0