CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'getuserip' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the...

5.9CVSS6.7AI score0.00026EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 4:44 a.m.•6 views

CVE-2023-41580

Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request...

7.5CVSS7.5AI score0.0056EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 4:27 a.m.•3 views

CVE-2023-4965

A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been...

4.8CVSS6.8AI score0.00175EPSS

Exploits1

RedhatCVE•added 2025/05/23 3:22 a.m.•4 views

CVE-2023-24657

phpipam v1.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the closeClass parameter at /subnet-masks/popup.php...

6.1CVSS6AI score0.06014EPSS

Exploits3References1

RedhatCVE•added 2025/05/23 2:58 a.m.•2 views

CVE-2023-1212

Cross-site Scripting XSS - Stored in GitHub repository phpipam/phpipam prior to v1.5.2...

5.9CVSS6AI score0.00338EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 2:57 a.m.•1 views

CVE-2023-1211

SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2...

7.2CVSS8.2AI score0.00313EPSS

Exploits3References1

RedhatCVE•added 2025/05/23 2:56 a.m.•1 views

CVE-2023-0677

Cross-site Scripting XSS - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1...

6.1CVSS6.4AI score0.00325EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 2:56 a.m.•1 views

CVE-2023-0676

Cross-site Scripting XSS - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1...

6.1CVSS6.1AI score0.00974EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 2:56 a.m.•1 views

CVE-2023-0678

Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1...

7.5CVSS6.4AI score0.67615EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:37 a.m.•5 views

CVE-2022-41443

phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php...

9.8CVSS7.6AI score0.01569EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 11:29 p.m.•1 views

CVE-2022-1224

Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6...

6.5CVSS6.7AI score0.00226EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 11:29 p.m.•1 views

CVE-2022-1223

Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6...

6.5CVSS6.7AI score0.0029EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 10:22 p.m.•8 views

CVE-2022-1226

A Cross-Site Scripting XSS vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include...

4.8CVSS6AI score0.00176EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by