33377 matches found
GHSA-MXMP-WR3W-RVQX Fleet: IP spoofing allows bypassing API rate limiting
Summary A vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against Fleet instances exposed to the public internet. Impact Fleet extracted client IP...
Fleet has a rate limiting bypass via untrusted client IP headers
Impact Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and bypass per-IP rate limiting controls. Fleet determines a clientβs public IP address using HTT...
GHSA-J8H8-75H3-JG53 Fleet has a rate limiting bypass via untrusted client IP headers
Impact Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and bypass per-IP rate limiting controls. Fleet determines a clientβs public IP address using HTT...
CVE-2026-43644
CVE-2026-43644 affects podinfo up to version 6.11.2. The vulnerability is a reflected XSS in the /echo and /api/echo endpoints, caused by the echoHandler writing the request body to the response without setting explicit Content-Type or X-Content-Type-Options headers. Goβs content-type detection m...
EUVD-2026-30275
podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...
CVE-2026-43644 podinfo 6.11.2 Reflected XSS via /echo Endpoint
podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...
BIT-TOMCAT-2026-42498 Apache Tomcat: WebSocket authentication header exposure
Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.21, from 10.1.0 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...
CVE-2026-8468
Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...
CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug
Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...
CVE-2026-8468
Summary (facts from sources): CVE-2026-8468 describes an unbounded memory accumulation in multipart header parsing within Elixir Plug (plug_project) andCowboy-derived code. The root cause is in plug_multipart:parse_headers/2 (and read_part_headers/2 in lib/plug/conn.ex) which accumulates incoming...
EEF-CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug
Summary Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper...
CVE-2026-3718
The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it...
CVE-2026-3718 ManageWP Worker <= 4.9.31 - Unauthenticated Stored Cross-Site Scripting via 'MWP-Key-Name' Header
The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it...
EUVD-2026-30246
The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it...
CVE-2026-3718
The ManageWP Worker plugin for WordPress is affected by CVE-2026-3718: Stored Cross-Site Scripting via the MWP-Key-Name HTTP header in all versions up to 4.9.31. Root cause: insufficient input sanitization and output escaping of attacker-controlled header values. Impact: unauthenticated attackers...
CVE-2026-8181
The Burst Statistics β Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...
CVE-2026-8181 Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
The Burst Statistics β Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...
CVE-2026-8181
CVE-2026-8181 affects Burst Statistics β Privacy-Friendly WordPress Analytics (v3.4.0β3.4.1.1). Root cause: is_mainwp_authenticated() passes authentication when wp_authenticate_application_password() returns null outside the REST API, because the code only checks for WP_Error. This allows an unau...
EUVD-2026-30242
The Burst Statistics β Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...
CVE-2026-8181 Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
The Burst Statistics β Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...