99 matches found
CVE-2025-55114 BMC Control-M/Agent improper IP address filtering order
The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions, e.g...
PT-2025-37944
CVE-2025-55114 The improper order of AUTHORIZED CTM IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is comp… https://t.co/fWLWGzQZaz...
MikroTik RouterOS <= 7.19.3 Access Control Vulnerability
MikroTik RouterOS is prone to an access control vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/o:mikrotik:routeros"...
CVE-2024-0789
The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to...
User Impersonation
Overview: Jellyfin.Common is a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to User Impersonation in the AddJellyfinApi function, due to the improper validation of IP addresses at the /System/Restart...
CVE-2024-13666 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 5.2.12 - IP-Spoofing
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 5.2.12 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for...
openSUSE Security Advisory (SUSE-SU-2025:0861-1)
The remote host is missing an update for the...
Linux Distros Unpatched Vulnerability : CVE-2011-3187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP...
CVE-2024-0789 WP Maintenance <= 6.1.9.2 - IP Spoofing to Maintenance Mode Bypass
The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to...
CVE-2023-20275
A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address. This vulnerability is due to improper...
Maspik – Spam blacklist < 0.10.4 - IP Validation Bypass
Description: The plugin does not properly validate IP addresses, allowing unauthenticated attackers to bypass IP-based restrictions...
SUSE CVE-2021-33571
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. validate_ipv4_address and...
CVE-2022-1581 WP-Polls < 2.76.0 - IP Validation Bypass
The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...
WordPress WP-Polls plugin <= 2.75.6 - IP Validation Bypass vulnerability
IP Validation Bypass vulnerability discovered by Daniel Ruf in WordPress WP-Polls plugin (versions <= 2.75.6). Solution: Update the WordPress WP-Polls plugin to the latest available version (at least 2.76.0)...
WP-Polls < 2.76.0 - IP Validation Bypass
The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...
Kimsuky’s GoldDragon cluster and its C2 operations
Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. Like other sophisticated adversaries, this group also updates its tools very quickly. In early 2022, we observed this group was attacking the media a...
CVE-2022-1762
The iQ Block Country WordPress plugin before 1.2.20 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers...
GHSA-6GWW-QPM6-MC2G Server-Side Request Forgery in ssrf-agent
The package ssrf-agent before 1.0.5 is vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private...
CVE-2021-23718
The package ssrf-agent before 1.0.5 is vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private...