
39 matches found

RedhatCVE
added 2026/05/18 2:52 p.m., 9 views

CVE-2026-45190

A flaw was found in Net::CIDR::Lite, a Perl module for handling IP address ranges. This vulnerability allows a remote attacker to bypass IP Access Control Lists (ACLs) due to improper validation of IP address and CIDR (Classless Inter-Domain Routing) mask inputs. Specifically, inputs containing...

6.5 CVSS, 5.8 AI score, 0.00064 EPSS
Exploits: 0, References: 6

ATTACKERKB
added 2026/05/10 8:15 p.m., 8 views

CVE-2026-45191

Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value. See also CVE-2026-45190...

5.8 AI score, 0.00064 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2026/01/07 9:38 a.m., 5 views

CVE-1999-0161

In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering...

7.5 CVSS, 7 AI score, 0.00489 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2004-0600

Malware in sbrugna...

7.5 CVSS, 6.1 AI score, 0.00428 EPSS
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2004-2588

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.0047 EPSS
Exploits: 0, References: 9

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-38503

Malicious code in bioql PyPI...

7.5 CVSS, 6.6 AI score, 0.00106 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-47119

Malicious code in bioql PyPI...

9.8 CVSS, 6.6 AI score, 0.00233 EPSS
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-16185

Malicious code in bioql PyPI...

9.1 CVSS, 6.5 AI score, 0.00344 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-40911

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to...

6.5 CVSS, 6.7 AI score, 0.00258 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2025/06/27 12:19 p.m., 3 views

CVE-2025-40910 Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses

Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally usi...

7.2 AI score, 0.00258 EPSS
Exploits: 0, References: 3

CVE
added 2025/05/06 2:55 p.m., 52 views

CVE-2025-46814

CVE-2025-46814 affects the FastAPI Guard library (pre-2.0.0) and describes an HTTP header injection via the X-Forwarded-For header. The underlying issue allows an attacker to inject arbitrary IP addresses into requests, potentially bypassing IP-based access controls, misleading logs, and imperson...

7.5 CVSS, 4.3 AI score, 0.00234 EPSS
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2025/04/23 10:15 a.m., 7 views

CVE-2024-10306

A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as Require ip IPADDRESS would suggest. This means that anyone with access to the host might send MCMP requests that may result in...

5.4 CVSS, 0.00126 EPSS
Exploits: 0, References: 7

Tenable Nessus
added 2025/03/04 12:0 a.m., 16 views

Linux Distros Unpatched Vulnerability : CVE-2021-29922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which in som...

9.1 CVSS, 8.1 AI score, 0.00343 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2024/10/11 12:0 a.m., 2 views

PT-2024-31601 · H2O +1

Name of the Vulnerable Software and Affected Versions: h2o affected versions not specified Description: The issue concerns an HTTP server that supports various HTTP versions. When specific conditions are met, such as receiving an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QU...

7.5 CVSS, 6.9 AI score, 0.00504 EPSS
Exploits: 0, References: 14

NVD
added 2024/05/30 3:15 a.m., 12 views

CVE-2024-5514

MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without bei...

9.8 CVSS, 9.7 AI score, 0.00233 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2024/05/30 2:14 a.m., 14 views

CVE-2024-5514 MinMax CMS - Hidden Functionality

MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without bei...

9.8 CVSS, 7.2 AI score, 0.00233 EPSS
Exploits: 0, References: 4

Cvelist
added 2024/05/30 2:14 a.m., 25 views

CVE-2024-5514 MinMax CMS - Hidden Functionality

MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without bei...

9.8 CVSS, 9.7 AI score, 0.00233 EPSS
Exploits: 0, References: 4

CVE
added 2024/05/30 2:14 a.m., 72 views

CVE-2024-5514

CVE-2024-5514 affects MinMax CMS by MinMax Digital Technology and involves a hidden administrative account with a fixed password that cannot be removed or disabled via the management interface. This allows remote attackers to bypass IP-based access controls and log in to the backend without being...

9.8 CVSS, 9.7 AI score, 0.00233 EPSS
Exploits: 0, References: 4

OSV
added 2022/12/05 7:15 p.m., 7 views

CVE-2022-43515

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being...

9.8 CVSS, 9.3 AI score
Exploits: 0, References: 3

0day.today
added 2021/03/19 12:0 a.m., 44 views

SOYAL 701 Server 9.0.1 - Insecure Permissions Vulnerability

Exploit Title: SOYAL 701 Server 9.0.1 - Insecure Permissions Exploit Author: LiquidWorm Vendor Homepage: https://www.soyal.com.tw https://www.soyal.com Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: 9.0.1 190322 8.0.6 181227...

7.4 AI score
Exploits: 0