Lucene search
K

346 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-57471

Malicious code in bioql PyPI...

7.5CVSS7.8AI score0.0055EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-37818

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00974EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-57566

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00653EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2016-4793

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header. CVE-2016-4793 Note that Nessus relie...

7.5CVSS7.5AI score0.05146EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/06/19 10:7 a.m.11 views

CVE-2025-31698 Apache Traffic Server: Client IP address from PROXY protocol is not used for ACL

ACL configured in ipallow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting proxy.config.acl.subjects to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol. This issue affects...

0.00448EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/06/19 10:7 a.m.16 views

CVE-2025-31698

ACL configured in ipallow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting proxy.config.acl.subjects to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol. This issue affects...

7.5CVSS5.2AI score0.00448EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.6 views

TencentOS Server 3: python39:3.9 (TSSA-2025:0340)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0340 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.5CVSS7.2AI score0.0069EPSS
Exploits1References2
Veracode
Veracode
added 2025/06/03 4:51 a.m.7 views

Spoofing Attack

org.springframework.cloud, spring-cloud-gateway-server is vulnerable to Spoofing Attack. The vulnerability is due to insufficient validation of X-Forwarded-For and Forwarded headers from untrusted proxies, allowing attackers to spoof client IP addresses...

8.6CVSS6.6AI score0.0029EPSS
Exploits0References3Affected Software2
RedhatCVE
RedhatCVE
added 2025/05/23 8:54 a.m.6 views

CVE-2024-29243

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpnclientip parameter at /apply.cgi...

9.8CVSS7.9AI score0.00817EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:19 a.m.8 views

CVE-2024-35538

Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

5.3CVSS7.4AI score0.00591EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:20 a.m.7 views

CVE-2024-44930

Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

6.5CVSS7.4AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:6 p.m.13 views

CVE-2022-34914

Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The clientIp variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary valu...

9.8CVSS7.2AI score0.00974EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:20 a.m.5 views

CVE-2019-15726

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server...

5.3CVSS6.6AI score0.01653EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:32 a.m.7 views

CVE-2016-11018

An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is hugeitimagegalleryajaxcallback...

9.8CVSS8AI score0.02417EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:38 p.m.5 views

CVE-2002-2346

phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses...

5CVSS7AI score0.01388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:1 p.m.16 views

CVE-2024-0970

This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value...

7.5CVSS6.7AI score0.0031EPSS
Exploits2References1
Citrix
Citrix
added 2025/05/16 12:0 a.m.14 views

DaaS - Client IP detection for Network Location Service

How is actual Client IP determined for Network location detection, when traffic from both internal and external Clients is routed through a Proxy? This is important when Clients access the Cloud Workspace through a Proxy, irrespective of Client's location - inside or outside corporate network...

7.1AI score
Exploits0
NVD
NVD
added 2025/05/15 8:15 p.m.24 views

CVE-2024-0970

This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value...

5.3CVSS0.0031EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:9 p.m.10 views

CVE-2024-0970 User Activity Tracking and Log < 4.1.4 - IP Spoofing

This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value...

7.5AI score0.0031EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.17 views

PT-2025-21391

Name of the Vulnerable Software and Affected Versions: User Activity Tracking and Log WordPress plugin versions prior to 4.1.4 Description: The issue allows an attacker to manipulate client IP addresses retrieved from potentially untrusted headers. Recommendations: For versions prior to 4.1.4,...

5.3CVSS8.2AI score0.0031EPSS
Exploits2References6
Rows per page
Query Builder