2 matches found
PT-2026-40968
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.80.1 Description Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and...
CVE-2026-29794
Vikunja (open-source self-hosted task management) before version 2.2.0 is affected by a rate-limit bypass vulnerability. The issue arises because rate-limiting is enforced using (echo.Context).RealIP, and unauthenticated requests can spoof headers X-Forwarded-For or X-Real-IP to bypass limits. Th...