
19 matches found

EUVD
added 2026/05/24 1:30 a.m. · 6 views

EUVD-2026-31558

A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mask/gateway leads to os command injection. It is possible to initiate the attack remotely. The explo...

CVSS 6.5 · AI score 6.2 · EPSS 0.01433
Exploits: 0 · References: 5

CVE
added 2026/01/19 10:2 a.m. · 14 views

CVE-2026-1149

CVE-2026-1149 affects Totolink LR350; the flaw is in the POST Request Handler’s /cgi-bin/cstecgi.cgi, in the setDiagnosisCfg function. Crafted input to the ip argument enables remote command injection. Exploit is publicly available and could be used, per sources. Affected version: 9.3.5u.6369_B20...

CVSS 8.8 · AI score 5.4 · EPSS 0.01832
Exploits: 1 · References: 5 · Affected Software: 1

Positive Technologies
added 2025/12/07 12:0 a.m. · 2 views

PT-2025-49397

A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpn ip results in basic cross site scripting. Remote exploitation of t...

CVSS 5.1 · AI score 3.9 · EPSS 0.00026
Exploits: 0 · References: 5

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-37818

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.2 · EPSS 0.00895
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 3:26 a.m. · 3 views

CVE-2023-5239

The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection...

CVSS 7.5 · AI score 6.7 · EPSS 0.00032
Exploits: 2

Positive Technologies
added 2025/05/15 12:0 a.m. · 2 views

PT-2025-21391

Name of the Vulnerable Software and Affected Versions: User Activity Tracking and Log WordPress plugin versions prior to 4.1.4 Description: The issue allows an attacker to manipulate client IP addresses retrieved from potentially untrusted headers. Recommendations: For versions prior to 4.1.4,...

CVSS 5.3 · AI score 8.2 · EPSS 0.00474
Exploits: 2 · References: 6

OSV
added 2025/05/06 2:55 p.m. · 3 views

CVE-2025-46814 FastAPI Guard Remote Header Injection via X-Forwarded-For Manipulation

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially...

CVSS 3.4 · AI score 7.3 · EPSS 0.00234
Exploits: 1 · References: 4

Vulnrichment
added 2025/05/06 2:55 p.m. · 8 views

CVE-2025-46814 FastAPI Guard Remote Header Injection via X-Forwarded-For Manipulation

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially...

CVSS 3.4 · AI score 7.3 · EPSS 0.00234
Exploits: 1 · References: 2

VulnCheck KEV
added 2025/02/12 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2024-2353

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.85220230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be...

CVSS 9 · AI score 5.5 · EPSS 0.06265
Exploits: 2 · References: 1

NVD
added 2024/05/29 6:18 a.m. · 11 views

CVE-2024-3050

The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking...

CVSS 9.1 · AI score 9.4 · EPSS 0.00756
Exploits: 2 · References: 1

Positive Technologies
added 2023/11/27 12:0 a.m. · 2 views

PT-2023-31967 · WordPress · Cleantalk

Name of the Vulnerable Software and Affected Versions: CleanTalk WordPress plugin versions prior to 2.121 Description: The issue allows an attacker to manipulate the client IP address retrieved by the Security & Malware scan, potentially bypassing bruteforce protection. This is due to the plugin...

CVSS 7.5 · AI score 7.4 · EPSS 0.00032
Exploits: 2 · References: 3

VulnCheck KEV
added 2023/11/13 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2022-2488

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...

CVSS 9.8 · AI score 6.9 · EPSS 0.9332
Exploits: 1 · References: 1

Positive Technologies
added 2023/09/25 12:0 a.m. · 2 views

PT-2023-28596 · WordPress · Wp Activity Log

Name of the Vulnerable Software and Affected Versions: Activity Log WordPress plugin versions prior to 2.8.8 Description: The issue allows an attacker to manipulate the client IP address by exploiting the plugin's retrieval of IP addresses from potentially untrusted headers. This can be used to...

CVSS 5.3 · AI score 6.1 · EPSS 0.01525
Exploits: 2 · References: 3

Huntr
added 2023/02/16 7:27 p.m. · 18 views

Stored XSS From Visitor to Acc Takeover

Description Using X-Forwarded-For Header Visitor can manipulate ip to trigger xss Proof of Concept 1.Visit any url and Add Header X-Forward-For: 127.0.0.1" 2.If admin check in dashboard xss will trigger Check This image...

CVSS 4.9 · AI score 5.6 · EPSS 0.00261
Exploits: 1

Cvelist
added 2022/07/20 11:35 a.m. · 18 views

CVE-2022-2488 WAVLINK WN535K2/WN535K3 touchlist_sync.cgi os command injection

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...

CVSS 8 · AI score 10 · EPSS 0.9332
Exploits: 1 · References: 2

ATTACKERKB
added 2022/07/20 12:0 a.m. · 66 views

CVE-2022-2488

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...

CVSS 9.8 · AI score 2.6 · EPSS 0.9332
In wild · Exploits: 1 · References: 3

NVD
added 2022/07/12 2:15 p.m. · 11 views

CVE-2022-2366

Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers...

CVSS 5.6 · EPSS 0.00186
Exploits: 0 · References: 1

0day.today
added 2018/05/16 12:0 a.m. · 33 views

Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution Exploit

Exploit for hardware platform in category remote exploits ''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE...

AI score 0.3 · EPSS 0.13791
Exploits: 5

seebug.org
added 2009/02/21 12:0 a.m. · 23 views

Linux/x86 - socket-proxy

No description provided by source. /--------------------------------------------------------------------------- 372 byte socket-proxy shellcode by Russell Sanford - [email protected] --------------------------------------------------------------------------- filename: x86-linux-bounce-proxy.c date:...

AI score 7.1
Exploits: 0