CVE-2024-41432
An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can...
EUVD-2025-206136
Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling...
EUVD-2021-1332
Malware in sbrugna...
CVE-2025-6504
In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header. Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a whitelisted range. This vulnerability could be...
CVE-2024-29006
By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrad...
CVE-2024-35538
Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...
CVE-2025-32012 Jellyfin Vulnerable to Denial of Service (DoS) via IP Spoofing
Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their Jellyfin server. This endpoint is intended to be admins-only, but it also authorizes requests from any device in the same...
CVE-2025-31135
Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...
CVE-2023-46715
CVE-2023-46715 describes an origin validation error (CWE-346) in Fortinet FortiOS IPSec VPN that allows an authenticated VPN user with dynamic IP addressing to spoof another user’s IP by sending crafted packets. Affected products and versions are Fortinet FortiOS IPSec VPN 7.4.0–7.4.1 and 7.2.6 a...
Invision Power Board (IP.Board) 1.3.1 - Design Error
IP.Board Design Error Vendor: Invision Power Services Product: IP.Board Version: = 1.3.1 Website: http://www.invisionpower.com/ BID: 10559 Description: Invision Power Board IPB is a professional forum system that has been built from the ground up...
Invision Power Board (IP.Board) < 1.3.1 - Design Error
IP.Board Design Error Vendor: Invision Power Services Product: IP.Board Version: = 1.3.1 Website: http://www.invisionpower.com/ BID: 10559 Description: Invision Power Board IPB is a professional forum system that has been built from the ground up with speed and security in mind, taking advantage ...
NSSI-2002-sygatepfw5: Sygate Personal Firewall IP Spoofing Vulnerability
NSSI-Research Labs Security Advisory http://www.nssolution.com Philippines / .ph "Maximum e-security" http://nssilabs.nssolution.com Sygate Personal Firewall 5.0 IP Spoofing Vulnerability Author: Abraham Lincoln Hao / SunNinja e-Mail: [email protected] / [email protected] Advisory Code:...