BIT-NGINX-GATEWAY-2026-40460 NGINX ngx_quic_module vulnerability

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

SUSE CVE-2026-40460

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

Astra Linux - уязвимость в ntp

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp...

CVE-2025-71284

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14338)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . A cross-site scripting vulnerability exists in Smoothwall Express. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the SRCIP, DESTIP, or COMMENT parameters...

CVE-2019-25388

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRCIP and COMMENT paramete...

CVE-2019-25388

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRCIP and COMMENT paramete...

CVE-2019-25386

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRCIP, DESTIP,...

CVE-2019-25388 Smoothwall Express 3.1 'ipblock.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRCIP and COMMENT paramete...

CVE-2019-25386

CVE-2019-25386 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with multiple reflected XSS vulnerabilities in the dmzholes.cgi script. The issue allows attackers to inject arbitrary JavaScript into users’ browsers by submitting POST requests containing payloads in the SRC_IP, DEST_IP, or...

CVE-2019-25386 Smoothwall Express 3.1 'dmzholes.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRCIP, DESTIP,...

Smoothwall Express 跨站脚本漏洞

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the ipblock.cgi endpoint of the SRCIP and COMMENT parameters of the user-supplied data lack of effective filtering and...

Smoothwall Express 跨站脚本漏洞

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . A cross-site scripting vulnerability exists in Smoothwall Express. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the SRCIP, DESTIP, or COMMENT parameters...

SUSE SLES16 Security Update : openvpn (SUSE-SU-2026:20196-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:20196-1 advisory. - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS bsc1254486. Tenable has extracted the...

RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers

Summary IP-based access control can be bypassed: getconditionvalues trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy IP-allowlist policies. Details - Vulnerable code: rustfs/src/auth.rs:289-304 sets...

EUVD-2026-5219

RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: getconditionvalues trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy...

Security update for openvpn (important)

openSUSE security update: security update for openvpn ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20137-1 Rating: important References: bsc1254486 Cross-References: CVE-2025-13086 CVSS scores: CVE-2025-13086 SUSE : 7.5...

OPENSUSE-SU-2026:20137-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS bsc1254486...

SUSE-SU-2026:20196-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS bsc1254486...

Astra Linux - уязвимость в openvpn

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client...