Lucene search
+L

556 matches found

Tenable Nessus
Tenable Nessus
added 3 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-47737

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, Puma is vulnerable to source IP spoofing when setremoteaddress...

7.5CVSS5.4AI score0.00177EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43636

Eclipse Kura versions prior to 5.6.2 trust the client-supplied X-Forwarded-For HTTP header as the authoritative source of the client IP address in audit log entries. The org.eclipse.kura.web2 Web Console and org.eclipse.kura.rest.provider REST API components use this header as the primary IP sour...

8.8CVSS6.1AI score0.00204EPSS
Exploits0References1
OSV
OSV
added 5 days ago3 views

CVE-2026-9561

Eclipse Kura versions prior to 5.6.2 trust the client-supplied X-Forwarded-For HTTP header as the authoritative source of the client IP address in audit log entries. The org.eclipse.kura.web2 Web Console and org.eclipse.kura.rest.provider REST API components use this header as the primary IP sour...

8.8CVSS6.1AI score0.00204EPSS
Exploits0References4
NVD
NVD
added 6 days ago7 views

CVE-2026-58488

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Versions prior to 1.11.0 allowed attackers to circumvent the rate-limiting of the /login and /register routes by spoofing IP addresses. HedgeDoc instances checked for CloudFlare's cf-connecting-ip header and used th...

6.9CVSS0.00295EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 7:26 p.m.21 views

CVE-2026-45045

Fiber (GoFiber) is affected by a vulnerability in BalancerForward where the proxy injects X-Real-IP using Header.Add() instead of Header.Set(), allowing an attacker-supplied value to be forwarded to upstreams. Affected versions before 3.3.0 and 2.52.14 are impacted; the issue is fixed in 3.3.0 an...

5.3CVSS5.9AI score0.00463EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2026/06/29 5:17 p.m.38 views

CVE-2026-57942 LibreTranslate - IP Spoofing via X-Forwarded-For Header

LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the getremoteaddress function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attacker...

6.9CVSS0.00192EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 5:17 p.m.14 views

CVE-2026-57942

LibreTranslate (up to 1.9.7) contains an IP spoofing vulnerability in get_remote_address() that allows unauthenticated attackers to spoof client IPs via X-Forwarded-For values, bypassing per-IP rate limits and enabling unlimited API abuse. Fixed in commit 397fd22. Affected: LibreTranslate; remedi...

6.9CVSS5.9AI score0.00192EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 5:17 p.m.5 views

CVE-2026-57942 LibreTranslate - IP Spoofing via X-Forwarded-For Header

LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the getremoteaddress function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attacker...

6.9CVSS6AI score0.00192EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/09 12:9 a.m.15 views

Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections

Impact Puma is vulnerable to source IP spoofing when setremoteaddress proxyprotocol: :v1 is enabled and persistent connections are used. PROXY protocol v1 is a connection-level protocol. Support was added to Puma in v5.5.0. A proxy sends one PROXY header at the beginning of a TCP connection, befo...

7.5CVSS5.5AI score0.00177EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/04 5:16 p.m.20 views

CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

2.2CVSS0.00262EPSS
Exploits0References6
Amazon
Amazon
added 2026/05/26 12:0 a.m.20 views

Important: nginx

Issue Overview: When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are...

9.2CVSS6.5AI score0.61469EPSS
Exploits41
RedhatCVE
RedhatCVE
added 2026/05/25 7:43 a.m.15 views

CVE-2026-40460

A flaw was found in NGINX Plus and NGINX Open Source when configured to use the HTTP/3 QUIC module. A remote attacker could exploit this by spoofing their source IP address. This vulnerability allows for the bypass of authorization controls or rate limiting mechanisms, potentially leading to...

6.9CVSS5.8AI score0.00367EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in golang-github-gin-gonic-gin

This affects all versions of the package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client’s IP address can be spoofed by setting the X-Forwarded-For header...

7.1CVSS7AI score0.01316EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 3:16 p.m.18 views

CVE-2026-43634

HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header without verifying the request originated from Cloudflare's...

8.7CVSS0.00241EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/19 1:33 p.m.7 views

CVE-2026-43634

HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header without verifying the request originated from Cloudflare's...

8.7CVSS6AI score0.00241EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/19 1:33 p.m.3 views

CVE-2026-43634 HestiaCP 1.2.0-1.9.4 IP Spoofing via CF-Connecting-IP Header

HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header without verifying the request originated from Cloudflare's...

8.7CVSS6.1AI score0.01072EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/19 1:33 p.m.15 views

EUVD-2026-30935

HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header without verifying the request originated from Cloudflare's...

10CVSS6AI score0.01072EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.14 views

HestiaCP 安全漏洞

HestiaCP is an open-source control panel designed for modern networks, offering a lightweight yet powerful solution. Versions 1.2.0 to 1.9.4 of HestiaCP contain security vulnerabilities. These vulnerabilities stem from an IP spoofing vulnerability, allowing unauthorized remote attackers to bypass...

8.7CVSS5.9AI score0.00241EPSS
Exploits0References1
OSV
OSV
added 2026/05/15 8:50 a.m.7 views

BIT-NGINX-GATEWAY-2026-40460 NGINX ngx_quic_module vulnerability

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.8AI score0.00367EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 8:50 a.m.8 views

BIT-NGINX-2026-40460 NGINX ngx_quic_module vulnerability

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.8AI score0.00367EPSS
Exploits0References2
Rows per page
Query Builder