8 matches found
EUVD-2024-16538
Malicious code in bioql PyPI...
PT-2024-31073 · Apple · Ios +4
Name of the Vulnerable Software and Affected Versions: macOS Sequoia versions prior to 15.2; iOS versions prior to 18.2; iPadOS versions prior to 18.2; Safari versions prior to 18.2; iPadOS versions prior to 17.7.3. Description: The issue was addressed with improved routing of Safari-originated...
Yuga Labs: Origin IP Exposed waf bypass
The origin IP address of the website was exposed, allowing bypassing of the anti-DDoS mechanism in place, such as Cloudflare. This could have enabled access to the service without going through the web application firewall, potentially leading to unfiltered payloads being forwarded to the service...
CVE-2022-2877
The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers...
CVE-2022-2877
The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers...
CVE-2018-18365
Norton Password Manager may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic...
UBUNTU-CVE-2018-20483
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribut...
UBUNTU-CVE-2017-15419
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...