28 matches found
CVE-2026-33357
In Meari client applications embedding "com.meari.sdk" including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label = 1.8.x, the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side...
MiracleLinux 7 : kde-settings-19-23.9.el7, kde-workspace-4.11.19-13.el7, kdelibs-4.14.8-10.el7, kmag-4.10.5-4.el7, virtuoso-opensource-6.1.6-7.el7 (AXSA:2019-4210:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4210:01 advisory. kde-workspace: Missing sanitization of notifications allows to leak client IP address via IMG element CVE-2018-6790 Tenable has extracted the preceding...
EUVD-2024-3230
Malicious code in bioql PyPI...
Exploit for CVE-2018-3149
log4j2-exploits https://user-images.githubusercontent.com/37479424/145661983-131eb84a-9ac5-4014-9f6b-10b69d8d7cf4.mp4 This fundamental vulnerability was reported by CVE-2018-3149 and patched by this article. 8u121 Release Notes However, the logging library for java called log4j2 had JNDILookup,...
Linux Distros Unpatched Vulnerability : CVE-2018-17780
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Telegram Desktop aka tdesktop 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe...
UBUNTU-CVE-2024-50342
symfony/http-client is a module for the Symfony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the NoPrivateNetworkHttpClient, some internal information is still leaking during host resolution, which leads to possible IP/port...
HTTP Client LAN IP Address Gather
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Client LAN IP Address Gather', 'Description' = %q This module retrieves a browser's network interface IP addresses using WebRTC. , 'License'...
BIT-GITLAB-2020-10087
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user...
CVE-2023-36671
An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. Thi...
MediaWiki < 1.23.16 Wiki Visitor IP Leakage
According to its self-reported version number, the instance of MediaWiki hosted on the remote web server is prior to 1.23.16, 1.24.x prior to 1.27.2 or 1.28.x prior to 1.28.1. It is, therefore, affected by a flaw which may allow remote attackers to discover the IP addresses of Wiki Visitors via ...
MediaWiki 1.24.x < 1.27.2 Wiki Visitor IP Leakage
According to its self-reported version number, the instance of MediaWiki hosted on the remote web server is prior to 1.23.16, 1.24.x prior to 1.27.2 or 1.28.x prior to 1.28.1. It is, therefore, affected by a flaw which may allow remote attackers to discover the IP addresses of Wiki Visitors via ...
MediaWiki 1.28.x < 1.28.1 Wiki Visitor IP Leakage
According to its self-reported version number, the instance of MediaWiki hosted on the remote web server is prior to 1.23.16, 1.24.x prior to 1.27.2 or 1.28.x prior to 1.28.1. It is, therefore, affected by a flaw which may allow remote attackers to discover the IP addresses of Wiki Visitors via ...
Design/Logic Flaw
Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a background-image CSS attribute. Note that the images were still passed...
CVE-2021-32707 Bypass of image blocking in Nextcloud Mail
Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a background-image CSS attribute. Note that the images were still passed...
UBUNTU-CVE-2021-22169
An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages...
PT-2021-14884 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.4 and later Description: An issue was identified that leaked internal IP address via error messages. Recommendations: For GitLab EE versions 13.4 and later, at the moment, there is no information about a newer version th...
Design/Logic Flaw
A vulnerability in the Private Internet Access PIA VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a “split tunnel” OpenVPN bypass option. Th...
Xiaomi: CORS Misconfiguration, could lead to disclosure of users information
This will result in the leakage of the user's IP by exploiting this CORS misconfiguration issue. There is no impact...
UBUNTU-CVE-2020-10087
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user...
WebRTC - Private IP Leakage (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Private IP Leakage to WebPage using WebRTC Function.", 'Description' = %q This module exploits a vulnerability in browsers using well-known...