Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/05/05 8:21 p.m.10 views

CVE-2026-42223

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag...

6.5CVSS5.7AI score0.00295EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.24 views

Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan < 4.52 - Missing Authorization to Unauthenticated IP Address Whitelist

Description The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihackeraddwhitelist function in all versions up to, and including, 4.51...

6.5CVSS6.7AI score0.00378EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2021/07/28 4:44 a.m.24 views

Authorization Bypass

nilsteampassnet/teampass is vulnerable to authorization bypass. Sending an X-Forwarded-For client HTTP header to the getIp function allows any users with a valid API token to bypass IP address whitelist restrictions...

7.5CVSS3AI score0.01803EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/07/26 9:20 p.m.17 views

GHSA-FV48-HJHP-94C7 Incorrect Authorization in TeamPass

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function...

7.5CVSS7.5AI score0.01803EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2021/07/26 9:20 p.m.43 views

Incorrect Authorization in TeamPass

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function...

7.5CVSS2.7AI score0.01803EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2020/04/29 9:49 p.m.71 views

CVE-2020-12477

The vulnerability CVE-2020-12477 affects TeamPass 2.1.27.36: the REST API allows any user with a valid API token to bypass IP address whitelisting by manipulating the X-Forwarded-For header when calling the getIp function. Multiple connected sources (Red Hat, Veracode, OSV, CNVD/CNVD-2020-27440, ...

7.5CVSS7.5AI score0.01803EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder