CVE-2026-55487

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator...

CVE-2026-2675

RTI Connext Professional (Security Plugins) is affected by CVE-2026-2675: Missing Authentication for a Critical Function. Affected Connext Professional versions include 5.3.* before 5.3., 6.0. before 6.0., 6.1. before 6.1.*, 7.0.0 before 7.3.1.3, and 7.4.0 before 7.7.0. The CVSS 4.0 base score is...

CVE-2026-40460

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

EUVD-2026-9380

SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it...

CVE-2026-27444 Header Email Address Parsing

SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it...

CVE-2026-27444 Header Email Address Parsing

SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it...

EUVD-2007-1253

Malware in sbrugna...

EUVD-2025-3076

Malicious code in bioql PyPI...

CVE-2024-7596 Generic UDP Encapsulation (GUE) (IETF Draft) do not validate or verify the source of a network packet

Proposed Generic UDP Encapsulation GUE IETF Draft do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can ...

The vulnerability of packet tunneling protocols for IPv4-to-IPv6 and IPv6-to-IPv4 protocols arises from insufficient checks on the source of the communication channel. This allows attackers to execute attacks such as “spoofing of trusted objects”.

The vulnerability of IPv4-to-Ipv6 and IPv6-to-Ipv4 tunneling protocols is related to insufficient checks on the source of the communication channel. Exploiting this vulnerability allows a remote attacker to execute “host object substitution” attacks by sending a specially crafted packet with two ...

SUSE CVE-2024-7596

Proposed Generic UDP Encapsulation GUE IETF Draft do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can ...

PT-2025-1235 · Gre +1 · Gre +1

Name of the Vulnerable Software and Affected Versions: GRE and GRE6 protocols RFC2784 affected versions not specified Description: The GRE and GRE6 protocols do not validate or verify the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network...

CVE-2020-7363

User Interface UI Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions...

TCP SYN Flooder

A simple TCP SYN flooder This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TCP SYN Flooder', 'Description' = 'A simple TCP SYN flooder', 'Author' = 'kris katterjohn', 'License' = MSFLICENSE...

CVE-2007-1256

CVE-2007-1256 affects Mozilla Firefox 2.0.0.2. A malicious page can spoof the address bar, favicons, and document source by repeatedly setting document.location in the onunload attribute when navigating to another site, a variant of CVE-2007-1092. Affected component: Firefox; vulnerable behavior:...

GLSA-200503-32 : Mozilla Thunderbird: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200503-32 Mozilla Thunderbird: Multiple vulnerabilities The following vulnerabilities were found and fixed in Mozilla Thunderbird: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete...

Download dialog source spoofing — Mozilla

The true source of a download can be disguised by using a host name long enough that the most significant parts are truncated. Spoofing can be made even more convincing on windows if the subdomain labels contain a string of non-breaking space characters...

Install source spoofing with user:pass@host — Mozilla

The installation confirmation dialog shows the source of the software. By adding a long, fake "user:pass" in front of the true hostname the user might be convinced to trust software that comes from an untrustworthy source. This is similar to attempts used in some phishing mail:...