Lucene search
K

35 matches found

Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-58488 HedgeDoc: Rate-limit bypass via CF-Connecting-IP header spoofing

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Versions prior to 1.11.0 allowed attackers to circumvent the rate-limiting of the /login and /register routes by spoofing IP addresses. HedgeDoc instances checked for CloudFlare's cf-connecting-ip header and used th...

6.9CVSS0.00295EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-58488

CVE-2026-58488 affects HedgeDoc versions prior to 1.11.0. The vulnerability arises from the login/register rate-limit logic which, when a cf-connecting-ip header is present, uses that header instead of the user’s real IP—even if requests did not originate from Cloudflare. This allowed an attacker...

6.9CVSS6.2AI score0.00295EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-50822

Name of the Vulnerable Software and Affected Versions Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT affected versions not specified Description An attacker within Bluetooth Low Energy BLE communication range can monopolize the only available BLE connection slot of the device. This...

7.1CVSS5.9AI score0.00222EPSS
Exploits0References10
Veracode
Veracode
added 2026/06/09 7:49 a.m.14 views

Privilege Escalation

AWS Advanced JDBC Wrapper is vulnerable to Privilege Escalation. The vulnerability is due to an untrusted search path issue in the GlobalDatabasePlugin, where a low-privileged authenticated user can create a crafted function that is executed when another user connects through the affected wrapper...

8.6CVSS5.5AI score0.00305EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/19 1:33 p.m.26 views

CVE-2026-43634 HestiaCP 1.2.0-1.9.4 IP Spoofing via CF-Connecting-IP Header

HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header without verifying the request originated from Cloudflare's...

8.7CVSS6AI score0.00241EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/19 1:33 p.m.15 views

EUVD-2026-30935

HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header without verifying the request originated from Cloudflare's...

10CVSS6AI score0.01072EPSS
Exploits0References5
CVE
CVE
added 2026/05/19 1:33 p.m.19 views

CVE-2026-43634

CVE-2026-43634 affects HestiaCP versions 1.2.0–1.9.4. The vulnerability is an IP spoofing flaw: unauthenticated attackers can send arbitrary IPs via the CF-Connecting-IP header, bypassing authentication controls and Cloudflare network verification. This can defeat fail2ban brute-force protections...

8.7CVSS6AI score0.00241EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/06 11:28 a.m.37 views

CVE-2026-43226 net/rds: No shortcut out of RDS_CONN_ERROR

In the Linux kernel, the following vulnerability has been resolved: net/rds: No shortcut out of RDSCONNERROR RDS connections carry a state "rdsconnpath::cpstate" and transitions from one state to another and are conditional upon an expected state: "rdsconnpathtransition." There is one exception t...

7.5CVSS0.00523EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2025/05/15 12:0 a.m.9 views

The vulnerability of operating systems iPadOS and iOS, related to access control errors, allows attackers to disclose confidential information.

The vulnerability of iPadOS and iOS operating systems is related to access control errors. Exploiting this vulnerability can allow a malicious actor to disclose confidential information by connecting to the device...

5.3CVSS8AI score0.00465EPSS
Exploits0References3Affected Software2
Malwarebytes
Malwarebytes
added 2024/03/29 1:37 p.m.21 views

How to back up your iPhone to a Mac

They say the only backup you ever regret is the one you didnt make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things youve lost, or to fix things that have failed. One of the most cost effective ways to backup your iPhone is to save backups to your Ma...

7.1AI score
Exploits0
Fedora
Fedora
added 2023/07/23 1:24 a.m.31 views

[SECURITY] Fedora 37 Update: grpc-1.48.4-8.fc37

gRPC is a modern open source high performance RPC framework that can run in a ny environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking and authentication. It is also applicable in last mile of distributed...

5.3CVSS5.6AI score0.00531EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.41 views

K85235351: cURL and libcurl vulnerability CVE-2016-8624

Security Advisory Description curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL...

7.5CVSS7.5AI score0.05915EPSS
Exploits0Affected Software24
Cvelist
Cvelist
added 2022/12/13 12:0 a.m.28 views

CVE-2022-33268

Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

8.2CVSS8.4AI score0.0045EPSS
Exploits0References1
NVD
NVD
added 2022/06/23 5:15 p.m.20 views

CVE-2022-34210

A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

6.5CVSS0.00574EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/12/21 12:0 a.m.15 views

PT-2020-18258 · Ibm · Ibm Mq

Name of the Vulnerable Software and Affected Versions: IBM MQ versions 9.2 Description: The issue is caused by an error processing connecting applications, which can lead to a denial of service attack. Recommendations: For IBM MQ version 9.2, at the moment, there is no information about a newer...

7.5CVSS5.7AI score0.01695EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2020/12/14 7:38 p.m.47 views

CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...

4.3CVSS6.4AI score0.03851EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/09/13 12:0 a.m.31 views

ZeroMQ: Denial of service

Background Looks like an embeddable networking library but acts like a concurrency framework. Description It was discovered that ZeroMQ does not properly handle connecting peers before a handshake is completed. Impact An unauthenticated remote attacker able to connect to a ZeroMQ endpoint, even...

7.5CVSS2.4AI score0.03408EPSS
Exploits0
exploitpack
exploitpack
added 2019/12/02 12:29 p.m.63 views

null

A remote administration tool a RAT is a piece of software that allows a remote "operator" to control a system as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "RAT" software is usually associated with criminal or malicious activity...

0.5AI score
Exploits0
Oracle linux
Oracle linux
added 2017/08/07 12:0 a.m.29 views

gtk-vnc security, bug fix, and enhancement update

0.7.0-2 - Fix reserved data size rhbz 1416783 - Fix inverted args in tests rhbz 1416783 - Avoid sign extension problems rhbz 1416783 - Fix crash with opening via GSocketAddress rhbz 1416783 - Fix crash & error reporting during connection timeout rhbz 1441120 - Fix incompatibility with libvncserve...

9.8CVSS9AI score0.04985EPSS
Exploits2
NVD
NVD
added 2016/12/22 9:59 p.m.13 views

CVE-2016-9179

lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host...

7.5CVSS6.1AI score0.01987EPSS
Exploits0References2
Rows per page
Query Builder