CVE-2026-57942

LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the getremoteaddress function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attacker...

CVE-2026-57942

LibreTranslate (up to 1.9.7) contains an IP spoofing vulnerability in get_remote_address() that allows unauthenticated attackers to spoof client IPs via X-Forwarded-For values, bypassing per-IP rate limits and enabling unlimited API abuse. Fixed in commit 397fd22. Affected: LibreTranslate; remedi...

CVE-2026-57942 LibreTranslate - IP Spoofing via X-Forwarded-For Header

LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the getremoteaddress function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attacker...

beez (=0.0.1), chellow (>=2631.0.0 <=2679.0.0) +2 more potentially affected by CVE-2022-31015 via waitress (=2.1.1)

waitress PYPI version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on waitress and may be impacted: - beez =0.0.1 - chellow =2631.0.0, =13.0.0, =13.2.0 - libretranslate =1.2.9 Source cves: CVE-2022-31015 Source advisory: OSV:GHSA-F5X9-8JWC-25RW...