36 matches found

Positive Technologies
added 5 days ago, 7 views

PT-2026-53923

Name of the Vulnerable Software and Affected Versions: Ocelot versions prior to 24.1.1. Description: A security control bypass exists in the handling of WebSocket upgrade requests. The issue stems from a logic flaw in the OcelotPipelineExtensions.cs file, where a MapWhen branch configured for...

CVSS 9.3 | AI score 6 | EPSS 0.00412 | Exploits 0 | References 9

NVD
added 2026/06/15 12:16 p.m., 11 views

CVE-2026-34025

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP...

CVSS 5.3 | EPSS 0.00283 | Exploits 1 | References 2

CVE
added 2026/06/15 10:3 a.m., 15 views

CVE-2026-34025

CVE-2026-34025 affects Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014). The login flow derives the client IP from the HTTP X-Forwarded-For header when present, bypassing IP-based access restrictions tied to a branch location. An attacker with valid branch credentials can manipu...

CVSS 5.3 | AI score 5.4 | EPSS 0.00283 | Exploits 1 | References 2

Positive Technologies
added 2026/06/15 12:0 a.m., 11 views

PT-2026-49196

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP...

CVSS 5.3 | AI score 5.3 | EPSS 0.00283 | Exploits 1 | References 3

RedhatCVE
added 2026/01/09 9:25 a.m., 5 views

CVE-2023-4895

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of...

CVSS 4.3 | AI score 6.5 | EPSS 0.00376 | Exploits 0 | References 1

Snyk
added 2025/12/15 7:37 p.m., 1 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation due to trusting reverse-proxy headers by default. An attacker can bypass IP-based access restrictions by crafting requests with malicious X-Forwarded-For headers. Remediation: Upgrade...

CVSS 6.9 | AI score 6.5 | EPSS 0.00196 | Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-31728

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.3 | EPSS 0.00325 | Exploits 1 | References 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-51659

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.2 | EPSS 0.00703 | Exploits 2 | References 1

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-15380

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.4 | EPSS 0.00765 | Exploits 0 | References 2

Cvelist
added 2025/06/12 4:27 p.m., 17 views

CVE-2025-5982 Insufficient Granularity of Access Control in GitLab

An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information...

CVSS 3.7 | EPSS 0.0026 | Exploits 0 | References 1

RedhatCVE
added 2025/05/23 10:31 a.m., 10 views

CVE-2024-3127

An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL...

CVSS 4.3 | AI score 6.5 | EPSS 0.00325 | Exploits 1 | References 1

RedhatCVE
added 2025/05/22 10:19 p.m., 7 views

CVE-2022-1600

The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...

CVSS 5.3 | AI score 6.7 | EPSS 0.00638 | Exploits 1 | References 1

RedhatCVE
added 2025/05/22 9:55 p.m., 11 views

CVE-2022-24112

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different...

CVSS 9.8 | AI score 7.5 | EPSS 0.96182 | Exploits 16 | References 1

FreeBSD
added 2025/05/07 12:0 a.m., 27 views

Gitlab -- vulnerabilities

Gitlab reports: Partial Bypass for Device OAuth flow using Cross Window Forgery; Denial of service by abusing Github import API; Group IP restriction bypass allows disclosing issue title of restricted project...

CVSS 6.8 | AI score 7 | EPSS 0.0033 | Exploits 1 | References 1

Tenable Nessus
added 2025/04/10 12:0 a.m., 20 views

FreeBSD : Gitlab -- Vulnerabilities (ed602f8b-15c2-11f0-b4e4-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ed602f8b-15c2-11f0-b4e4-2cf05da270f3 advisory. Gitlab reports: Denial of service via CI pipelines; Unintentionally authorizing sensitive actio...

CVSS 7.5 | AI score 5.6 | EPSS 0.00354 | Exploits 2 | References 7

FreeBSD
added 2025/04/09 12:0 a.m., 33 views

Gitlab -- Vulnerabilities

Gitlab reports: Denial of service via CI pipelines; Unintentionally authorizing sensitive actions on users behalf; IP Restriction Bypass through GraphQL Subscription; Unauthorized users can list the number of confidential issues; Debugging Information Disclosed...

CVSS 7.5 | AI score 6.8 | EPSS 0.00354 | Exploits 2 | References 1

OSV
added 2024/08/22 4:15 p.m., 3 views

UBUNTU-CVE-2024-3127

An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL...

CVSS 4.3 | AI score 5.7 | EPSS 0.00325 | Exploits 1 | References 4

OSV
added 2024/08/22 3:31 p.m., 15 views

CVE-2024-3127 Improper Access Control in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL...

CVSS 4.3 | AI score 6.5 | EPSS 0.00325 | Exploits 1 | References 5

Vulnrichment
added 2024/06/04 12:43 p.m., 12 views

CVE-2023-52176 WordPress Malware Scanner plugin <= 4.7.1 - IP Restriction Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Malware Scanner: from n/a through 4.7.1...

CVSS 5.3 | AI score 7 | EPSS 0.00403 | Exploits 0 | References 1

Cvelist
added 2024/06/04 12:43 p.m., 21 views

CVE-2023-52176 WordPress Malware Scanner plugin <= 4.7.1 - IP Restriction Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Malware Scanner: from n/a through 4.7.1...

CVSS 5.3 | AI score 5.3 | EPSS 0.00403 | Exploits 0 | References 1