
24 matches found

Ubuntu
added 2026/03/18 7:40 p.m., 7 views

USN-8110-1: Net-CIDR vulnerability

Dave Rolsky discovered that Net-CIDR did not properly sanitize IP addresses. An attacker could possibly use this to bypass IP-based restrictions...

CVSS 6.5, AI score 5.8, EPSS 0.00322
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2006-1257

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.01548
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-16395

Malware in sbrugna...

CVSS 9.8, AI score 7.7, EPSS 0.06827
Exploits: 1, References: 25

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-16396

Malware in sbrugna...

CVSS 9.1, AI score 9, EPSS 0.02623
Exploits: 1, References: 11

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-10688

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.3, EPSS 0.00284
Exploits: 1, References: 3

Veracode
added 2025/06/24 9:49 a.m., 5 views

Login IP Filter Bypass

DNN.PLATFORM is vulnerable to login IP filter bypass. The vulnerability is due to the ability to craft a special request or proxy, which allows an attacker to bypass IP-based access controls and perform unauthorized login attempts from disallowed IP addresses...

CVSS 8.8, AI score 7, EPSS 0.00294
Exploits: 0, References: 3, Affected Software: 1

RedhatCVE
added 2025/05/23 9:43 a.m., 6 views

CVE-2024-21494

All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module /whoami API endpoint. This could lead to...

CVSS 5.4, AI score 5.3, EPSS 0.00523
Exploits: 0, References: 1

RedhatCVE
added 2025/05/11 5:7 p.m., 33 views

CVE-2025-1278

An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information...

CVSS 7.5, AI score 6.5, EPSS 0.003
Exploits: 0, References: 1

Vulnrichment
added 2025/05/09 4:13 p.m., 6 views

CVE-2025-1278 Insufficient Granularity of Access Control in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information...

CVSS 5.3, AI score 5.1, EPSS 0.003
Exploits: 0, References: 2

Github Security Blog
added 2024/11/07 12:30 p.m., 6 views

Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server

When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...

CVSS 9.1, AI score 7.9, EPSS 0.00924
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2024/07/09 4:15 p.m., 27 views

CVE-2024-26015

An incorrect parsing of numbers with different radices vulnerability CWE-1389 in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit a...

CVSS 4.7, EPSS 0.00467
Exploits: 0, References: 1

Vulnrichment
added 2024/07/09 3:33 p.m., 41 views

CVE-2024-26015

An incorrect parsing of numbers with different radices vulnerability CWE-1389 in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit a...

CVSS 3.4, AI score 4.1, EPSS 0.00467
Exploits: 0, References: 1

Vulnrichment
added 2024/05/29 6:0 a.m., 19 views

CVE-2024-3050 Site Reviews < 7.0.0 - IP Spoofing

The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking...

AI score 6.7, EPSS 0.00565
Exploits: 2, References: 1

Vulnrichment
added 2024/05/17 8:22 a.m., 14 views

CVE-2024-30479 WordPress LionScripts: IP Blocker Lite plugin <= 11.1.1 - Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in LionScripts IP Blocker Lite allows Functionality Bypass. This issue affects IP Blocker Lite: from n/a through 11.1.1...

CVSS 5.3, AI score 7, EPSS 0.00536
Exploits: 0, References: 1

Veracode
added 2023/12/11 8:25 a.m., 13 views

IP Spoofing

caddy-geo-ip is vulnerable to IP Spoofing attacks. The vulnerability is due to insecure usage of the trust_header option. When trust_header is configured, req.RemoteAddr is overwritten. This allows an attacker to bypass IP range restrictions, and spoof IP addresses through the X-Forwarded-For header...

CVSS 6.5, AI score 7, EPSS 0.00655
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2022/11/21 12:0 a.m., 65 views

CVE-2022-1581

CVE-2022-1581 affects the WordPress plugin WP-Polls prior to version 2.76.0. The vulnerability arises because the plugin prioritizes the visitor’s IP taken from certain HTTP headers over PHP’s REMOTE_ADDR, enabling bypass of IP-based voting restrictions in certain scenarios. According to connecte...

CVSS 5.3, AI score 5.1, EPSS 0.0063
Exploits: 1, References: 2, Affected Software: 1

OpenVAS
added 2022/06/22 12:0 a.m., 41 views

Ubuntu: Security Advisory (USN-5487-1)

The remote host is missing an update for the...

CVSS 9.8, AI score 8.3, EPSS 0.90407
Exploits: 2, References: 2

Ubuntu
added 2022/06/21 1:12 p.m., 182 views

USN-5487-1: Apache HTTP Server vulnerabilities

It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-26377) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker...

CVSS 9.8, AI score 8.3, EPSS 0.90407
Exploits: 2

GitLab Advisory Database
added 2014/10/16 12:0 a.m., 11 views

Incomplete List of Disallowed Inputs

A flaw in the iptype function is triggered when handling octal encoding. This may allow a remote attacker to bypass the IP exclusion feature...

AI score 2.4
Exploits: 0, References: 2, Affected Software: 1

securityvulns
added 2012/05/24 12:0 a.m., 31 views

sudo protection bypass

It's possible to bypass IP limitations...

CVSS 7.2, AI score 2.1, EPSS 0.00399
Exploits: 0, Affected Software: 1