346 matches found
EUVD-2023-57471
Malicious code in bioql PyPI...
EUVD-2022-37818
Malicious code in bioql PyPI...
EUVD-2023-57566
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-4793
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header. CVE-2016-4793 Note that Nessus relie...
CVE-2025-31698 Apache Traffic Server: Client IP address from PROXY protocol is not used for ACL
ACL configured in ipallow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting proxy.config.acl.subjects to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol. This issue affects...
CVE-2025-31698
ACL configured in ipallow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting proxy.config.acl.subjects to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol. This issue affects...
TencentOS Server 3: python39:3.9 (TSSA-2025:0340)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0340 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Spoofing Attack
org.springframework.cloud, spring-cloud-gateway-server is vulnerable to Spoofing Attack. The vulnerability is due to insufficient validation of X-Forwarded-For and Forwarded headers from untrusted proxies, allowing attackers to spoof client IP addresses...
CVE-2024-29243
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpnclientip parameter at /apply.cgi...
CVE-2024-35538
Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...
CVE-2024-44930
Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...
CVE-2022-34914
Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The clientIp variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary valu...
CVE-2019-15726
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server...
CVE-2016-11018
An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is hugeitimagegalleryajaxcallback...
CVE-2002-2346
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses...
CVE-2024-0970
This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value...
DaaS - Client IP detection for Network Location Service
How is actual Client IP determined for Network location detection, when traffic from both internal and external Clients is routed through a Proxy? This is important when Clients access the Cloud Workspace through a Proxy, irrespective of Client's location - inside or outside corporate network...
CVE-2024-0970
This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value...
CVE-2024-0970 User Activity Tracking and Log < 4.1.4 - IP Spoofing
This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value...
PT-2025-21391
Name of the Vulnerable Software and Affected Versions: User Activity Tracking and Log WordPress plugin versions prior to 4.1.4 Description: The issue allows an attacker to manipulate client IP addresses retrieved from potentially untrusted headers. Recommendations: For versions prior to 4.1.4,...