36 matches found
PT-2026-53923
Name of the Vulnerable Software and Affected Versions: Ocelot versions prior to 24.1.1. Description: A security control bypass exists in the handling of WebSocket upgrade requests. The issue stems from a logic flaw in the OcelotPipelineExtensions.cs file, where a MapWhen branch configured for...
CVE-2026-34025
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP...
CVE-2026-34025
CVE-2026-34025 affects Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014). The login flow derives the client IP from the HTTP X-Forwarded-For header when present, bypassing IP-based access restrictions tied to a branch location. An attacker with valid branch credentials can manipu...
PT-2026-49196
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP...
CVE-2023-4895
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of...
User Impersonation
Overview: Affected versions of this package are vulnerable to User Impersonation due to trusting reverse-proxy headers by default. An attacker can bypass IP-based access restrictions by crafting requests with malicious X-Forwarded-For headers. Remediation: Upgrade...
EUVD-2024-31728
Malicious code in bioql PyPI...
EUVD-2022-51659
Malicious code in bioql PyPI...
EUVD-2022-15380
Malicious code in bioql PyPI...
CVE-2025-5982 Insufficient Granularity of Access Control in GitLab
An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information...
CVE-2024-3127
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL...
CVE-2022-1600
The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...
CVE-2022-24112
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different...
Gitlab -- vulnerabilities
Gitlab reports: Partial Bypass for Device OAuth flow using Cross Window Forgery; Denial of service by abusing Github import API; Group IP restriction bypass allows disclosing issue title of restricted project...
FreeBSD : Gitlab -- Vulnerabilities (ed602f8b-15c2-11f0-b4e4-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ed602f8b-15c2-11f0-b4e4-2cf05da270f3 advisory. Gitlab reports: Denial of service via CI pipelines; Unintentionally authorizing sensitive actio...
Gitlab -- Vulnerabilities
Gitlab reports: Denial of service via CI pipelines; Unintentionally authorizing sensitive actions on users behalf; IP Restriction Bypass through GraphQL Subscription; Unauthorized users can list the number of confidential issues; Debugging Information Disclosed...
UBUNTU-CVE-2024-3127
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL...
CVE-2024-3127 Improper Access Control in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL...
CVE-2023-52176 WordPress Malware Scanner plugin <= 4.7.1 - IP Restriction Bypass vulnerability
Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Malware Scanner: from n/a through 4.7.1...
CVE-2023-52176 WordPress Malware Scanner plugin <= 4.7.1 - IP Restriction Bypass vulnerability
Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Malware Scanner: from n/a through 4.7.1...