
11 matches found

Positive Technologies
added 2026/01/05 12:0 a.m., 3 views

PT-2026-1292

Name of the Vulnerable Software and Affected Versions: Mega-Fence versions 25.1.914 and prior. Description: The software does not validate a trusted proxy chain when using the X-Forwarded-For (XFF) header to determine the client IP address. An attacker can manipulate the XFF header to spoof the client...

6.5 CVSS, 6.5 AI score, 0.0008 EPSS
Exploits: 1, References: 7
NVD
added 2025/10/01 10:15 p.m., 1 views

CVE-2025-59951

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the backend to retrieve the proxy's IP instead of the client's I...

9.2 CVSS, 0.00051 EPSS
Exploits: 1, References: 2
Positive Technologies
added 2025/10/01 12:0 a.m., 1 views

PT-2025-40304

Name of the Vulnerable Software and Affected Versions: Termix versions 1.5.0 and below. Description: Termix is a web-based server management platform offering SSH terminal, tunneling, and file editing features. The official Docker image, when configured with an Nginx reverse proxy, incorrectly...

9.2 CVSS, 6.4 AI score, 0.00051 EPSS
Exploits: 1, References: 12
Veracode
added 2024/08/27 1:48 p.m., 15 views

Race Condition

k8s.io/kubernetes is vulnerable to Race Condition. The vulnerability is caused due to Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this...

3.5 CVSS, 7 AI score, 0.00056 EPSS
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2024/08/21 3:11 p.m., 6 views

GO-2022-0617 WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes

This report has been withdrawn from the Go vulnerability database with reason: "Low severity issue with no fix available or planned. Likely to cause false positives."...

3.5 CVSS, 4.5 AI score, 0.00056 EPSS
Exploits: 0, References: 5
OSV
added 2024/01/09 1:8 p.m., 2 views

USN-6038-2 golang-1.13, golang-1.16 vulnerabilities

USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original advisory details: It was discovered that the Go net/http module incorrectly handled Transfer-Encoding...

9.8 CVSS, 7.1 AI score, 0.00759 EPSS
Exploits: 6, References: 19
Kitploit
added 2024/01/04 11:30 a.m., 19 views

PhantomCrawler - Boost Website Hits By Generating Requests From Multiple Proxy IPs

PhantomCrawler allows users to simulate website interactions through different proxy IP addresses. It leverages Python, requests, and BeautifulSoup to offer a simple and effective way to test website behaviour under varied proxy configurations. Features: Utilizes a list of proxy IP addresses from...

7.1 AI score
Exploits: 0, References: 2
Cvelist
added 2023/07/06 6:24 p.m., 14 views

CVE-2023-36456 Authentik lacks Proxy IP headers validation

authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the go code. Only authentik setups that are directly accessible by users without a reverse proxy a...

8.3 CVSS, 8.6 AI score, 0.00355 EPSS
Exploits: 0, References: 5
Vulnrichment
added 2023/07/06 6:24 p.m., 11 views

CVE-2023-36456 Authentik lacks Proxy IP headers validation

authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the go code. Only authentik setups that are directly accessible by users without a reverse proxy a...

8.3 CVSS, 7.1 AI score, 0.00355 EPSS
Exploits: 0, References: 5
seebug.org
added 2007/01/13 12:0 a.m., 16 views

sNews <= 1.5.30 Remote Reset Admin Pass / Command Exec Exploit

No description provided by source. sNews <= 1.5.30 unauthorized access / reset admin pass / cmd exec exploit by rgod; dork: "Barbecued by sNews"; mail: retrog at alice dot it; site: http://retrogod.altervista.org...

7.1 AI score
Exploits: 0
seebug.org
added 2005/10/06 12:0 a.m., 15 views

Utopia News Pro <= 1.1.3 (news.php) SQL Injection Exploit

No description provided by source. if magic quotes off: SQL INJECTION; /str0ke; 3.10 07/10/2005; utopiaxpl.php; Utopia News Pro 1.1.3, possibly prior versions, SQL Injection / Administrative credentials disclosure by rgod; site: http://rgod.altervista.org; make these changes in php.ini if you have...

7.1 AI score
Exploits: 0