
48 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 14 views

Astra Linux - vulnerability in mod-wsgi

A vulnerability was discovered in mod_wsgi. The X-Client-IP header is not removed from a request sent from a trusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application. The condition necessary to remove the X-Client-IP header is missing...

CVSS 7.5 | AI score 7.1 | EPSS 0.00461
Exploits: 1 | References: 2
NVD
added 2026/03/13 7:54 p.m. | 0 views

CVE-2026-22201

wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Attackers can set HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR headers to spoof their IP address and circumvent...

CVSS 6.9 | EPSS 0.00021
Exploits: 0 | References: 3
Cvelist
added 2026/03/13 1:18 a.m. | 22 views

CVE-2026-22201 wpDiscuz before 7.6.47 - IP Address Spoofing in getIP()

wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Attackers can set HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR headers to spoof their IP address and circumvent...

CVSS 6.9 | EPSS 0.00021
Exploits: 0 | References: 3
CVE
added 2026/01/30 10:7 p.m. | 6 views

CVE-2020-37056

The CVE-2020-37056 entry concerns Crystal Shard http-protection 0.2.0, where an IP-spoofing flaw allows bypass of protection middleware by crafting headers. Specifically, attackers can set consistent values in X-Forwarded-For, X-Client-IP, and X-Real-IP to defeat checks and gain unauthorized acce...

CVSS 9.8 | AI score 5.9 | EPSS 0.00024
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2007-0965

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.02085
Exploits: 1 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-11199

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.00717
Exploits: 2 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2007-1957

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.02968
Exploits: 0 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2007-1169

Malware in sbrugna...

CVSS 6.4 | AI score 6.2 | EPSS 0.00925
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-0159

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.3 | EPSS 0.00461
Exploits: 1 | References: 11
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-44444

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.6 | EPSS 0.02784
Exploits: 0 | References: 3
Tenable Nessus
added 2025/08/25 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2016-4793

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header. CVE-2016-4793 Note that Nessus relie...

CVSS 7.5 | AI score 7.5 | EPSS 0.08275
Exploits: 2 | References: 2
Tenable Nessus
added 2025/06/16 12:0 a.m. | 3 views

TencentOS Server 3: python39:3.9 (TSSA-2025:0340)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0340 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 7.5 | AI score 7.2 | EPSS 0.00461
Exploits: 1 | References: 2
RedhatCVE
added 2025/05/22 1:32 a.m. | 2 views

CVE-2016-11018

An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is hugeitimagegalleryajaxcallback...

CVSS 9.8 | AI score 8 | EPSS 0.01421
Exploits: 1 | References: 1
CNVD
added 2025/02/18 12:0 a.m. | 8 views

IBM Aspera Shares Input Validation Error Vulnerability

IBM Aspera Shares is a web application from International Business Machines (IBM). An input validation error vulnerability exists in IBM Aspera Shares, which stems from improper validation of the "Client-IP" header, and can be exploited by an attacker to spoof its IP address written to a log file...

CVSS 5.3 | AI score 6.4 | EPSS 0.00103
Exploits: 0 | References: 1
NVD
added 2025/02/05 11:15 p.m. | 10 views

CVE-2024-56473

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers...

CVSS 5.3 | EPSS 0.00103
Exploits: 0 | References: 1
OSV
added 2025/02/05 11:15 p.m. | 0 views

CVE-2024-56473

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 1
CVE
added 2025/02/05 11:1 p.m. | 53 views

CVE-2024-56473

CVE-2024-56473 affects IBM Aspera Shares 1.9.0 through 1.10.0 PL6. The root cause is improper verification of the Client-IP header, allowing an attacker to spoof their IP address and have it written to log files. According to the IBM Security Bulletin, remediation is to upgrade to IBM Aspera Shar...

CVSS 5.3 | AI score 5.2 | EPSS 0.00103
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/02/05 11:1 p.m. | 16 views

CVE-2024-56473 IBM Aspera Shares Data Manipulation

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers...

CVSS 5.3 | EPSS 0.00103
Exploits: 0 | References: 1
NVD
added 2024/08/07 4:15 p.m. | 11 views

CVE-2024-41432

An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can...

CVSS 5.3 | EPSS 0.00099
Exploits: 1 | References: 1
OSV
added 2024/03/06 10:56 a.m. | 24 views

BIT-MOD_WSGI-2022-2255

A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

CVSS 7.5 | AI score 7 | EPSS 0.00461
Exploits: 1 | References: 5