10 matches found
PT-2026-50884
Name of the Vulnerable Software and Affected Versions: Apache APISIX versions 2.3 through 3.16.0. Description: The openid-connect plugin under default configuration contains an issue where insufficient verification of data authenticity allows an attacker to spoof identity headers. This can lead to...
CVE-2026-46356
Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against Fleet instances...
PT-2026-41020
Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner and X-Crabbox-Org headers in requests authenticated with a...
SUSE-SU-2026:1740-1 Security update for python-Django
This update for python-Django fixes the following issues:
- CVE-2026-3902: headers spoofing by exploiting an ambiguous mapping of two header variants in ASGIRequest requests bsc1261729.
- CVE-2026-4277: permissions on inline model instances were not validated on submission of forged POST data in...
UBUNTU-CVE-2025-66577
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X-Forwarded-For or X-Real-IP headers which...
Google Golang Go HTTP Header Injection Vulnerability
Google Golang Go is a programming language optimized for programming applications on multiprocessor systems. Google Golang Go suffers from an HTTP header injection vulnerability that could be exploited by remote attackers to inject HTTP headers into the server response, spoof the target user,...
libzmq Security Bypass Vulnerability
libzmq, also known as ZeroMQ/C++, is a ZeroMQ lightweight messaging kernel core library. A security bypass vulnerability exists in libzmq. A remote attacker can exploit this vulnerability to perform a degradation attack via the ZMTP 2 and prior protocol headers to bypass the security mechanisms of...
Apple iOS multiple security vulnerabilities
Restrictions bypass, privilege escalation, headers spoofing, XXE, memory corruptions, information disclosure, DoS, traffic hijacking...
CVE-2013-2503
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code...
The Bat! mail agent headers spoofing
The message/partial format allows message headers to be spoofed completely, making it impossible to track the sender by Received or Message-ID headers...