SUSE CVE-2026-28295

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

CVE-2026-28295

CVE-2026-28295 affects the FTP GVfs backend. A flaw causes the client to unconditionally trust the PASV response from an FTP server, which may contain an arbitrary IP and port. The client then attempts to connect to that endpoint, enabling a malicious server to probe for open ports reachable from...

CVE-2024-41432

An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can...

CVE-2023-36673

An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while...

CVE-2021-25042 WP Visitor Statistics (Real Time Traffic) < 5.5 - Arbitrary IP Address Exclusion to Stored XSS

The WP Visitor Statistics Real Time Traffic WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address to exclude...

USN-4665-1: curl vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPTCONNECTONLY option. This could result in data being sent to the wrong destination, possibly exposing...