Lucene search
K

31 matches found

Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-56084

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.4.80 Description The dashboard login rate limiter derives client identity from the X-Forwarded-For HTTP header, which is controlled by the user. When the application is directly exposed or deployed behind a reverse...

7.3CVSS6.2AI score0.00515EPSS
Exploits0References6
OSV
OSV
added 2026/06/18 5:22 p.m.9 views

GHSA-GFJ5-979R-92PW @acastellon/auth: Authentication bypass via spoofable headers in validateToken()

@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get'host'.startsWithgetHostName. Both...

9.3CVSS5.5AI score0.00543EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/18 5:22 p.m.26 views

@acastellon/auth: Authentication bypass via spoofable headers in validateToken()

@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get'host'.startsWithgetHostName. Both...

8.7CVSS5.5AI score0.00543EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/18 12:0 a.m.43 views

@acastellon/auth: Authentication bypass via spoofable headers in validateToken()

@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get'host'.startsWithgetHostName. Both...

8.7CVSS5.5AI score0.00543EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.8 views

CVE-2026-44118

OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata...

8.5CVSS5.8AI score0.00112EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.11 views

PT-2026-38251

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.22 Description OpenClaw derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can bypass owner-gated operations by manipulating the...

8.5CVSS6AI score0.00112EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-7523

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This issue only...

8.1CVSS7.2AI score0.00275EPSS
Exploits0References2
OSV
OSV
added 2022/11/21 11:15 a.m.5 views

CVE-2022-1579

The function checkisloginpage uses headers for the IP check, which can be easily spoofed...

7.5CVSS5.8AI score0.00664EPSS
Exploits2References1
Veracode
Veracode
added 2021/10/07 10:16 a.m.22 views

Spoofable Contents

chromium-browser:bionic is spoofable . Inappropriate implementation allows a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

4.3CVSS3.1AI score0.00658EPSS
Exploits0References8Affected Software2
Veracode
Veracode
added 2021/09/15 2:4 a.m.32 views

Spoofable Security UI

chromium:edge has spoofable security UI. Inappropriate implementation in Autofill in Google Chrome allowed a remote attacker to spoof security UI via a crafted HTML page...

6.5CVSS2.5AI score0.03468EPSS
Exploits0References8Affected Software2
Veracode
Veracode
added 2021/09/02 1:10 a.m.25 views

Spoofable Contents

chromium:edge has spoofable content. Incorrect security UI in Navigation in Google Chrome on Android allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

4.3CVSS2.6AI score0.01718EPSS
Exploits1References9Affected Software2
CNNVD
CNNVD
added 2021/08/19 12:0 a.m.14 views

Icinga 信任管理问题漏洞

Icinga is a scalable server, network resource monitoring system from Icinga, Germany. Icinga suffers from a trust management issue vulnerability that stems from instances of the application connecting to any of the mentioned time-series databases via spoofable infrastructure using TLS...

7.5CVSS7AI score0.0142EPSS
Exploits0References8
Veracode
Veracode
added 2021/06/19 8:48 p.m.12 views

Spoofable Relay

tor:sid is vulnerable to spoofable relays. Relays could spoof RELAYEND or RELAYRESOLVED cell on half-closed streams because clients failed to validate which hop sent these cells. This would allow a relay on a circuit to end a stream that wasn't actually built with it...

7.5CVSS6.5AI score0.02721EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2021/04/21 6:13 p.m.43 views

Spoofable Secure Lock Icon

firefox:sid is using spoofable Secure Lock icon. Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page...

6.5CVSS7.1AI score0.00554EPSS
Exploits0References5Affected Software9
Veracode
Veracode
added 2021/03/25 1:22 a.m.26 views

Information Disclosure Via Spoofable Website

firefox is vulnerable to information disclosure via spoofable website .A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a...

6.5CVSS1.5AI score0.01113EPSS
Exploits0References7Affected Software9
CNNVD
CNNVD
added 2020/12/21 12:0 a.m.7 views

WordPress limit-login-attempts-reloaded Security Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress limit-login-attempts-reloaded plugin prior to versi...

9.8CVSS7.4AI score0.04348EPSS
Exploits1References3
Veracode
Veracode
added 2020/07/03 6:23 a.m.11 views

Spoofable Cookies

Microsoft asp.net has caused spoofable cookies. It does not properly encode the data string parsed to cookie name value, allowing an attacker who can perform a secondary exploit such as an XSS vulnerability in the web site to inject the spoofed cookies if the prefixes are used...

4.7AI score
Exploits0
Veracode
Veracode
added 2020/04/10 12:53 a.m.27 views

Spoofable Address Bar

WebKitGTK+ is vulnerable to spoofable address bar. Due to lack of proper implementation of the history feature, it allows remote attackers to spoof the address bar via unspecified vectors...

5CVSS5.7AI score0.0181EPSS
Exploits1References14Affected Software1
Veracode
Veracode
added 2020/04/10 12:41 a.m.32 views

Spoofable Signature

D-Bus is vulnerable to Spoofable Signature. It was discovered that the Red Hat Security Advisory RHSA-2009:0008 did not correctly fix the denial of service flaw in the system for sending messages between applications. A local user could use this flaw to send a message with a malformed signature t...

3.6CVSS1.2AI score0.01332EPSS
Exploits1References16Affected Software1
Veracode
Veracode
added 2020/04/10 12:37 a.m.35 views

Spoofable Address Bar

Mozilla Firefox is vulnerable to Spoofable Address Bar. A flaw was found in the way Firefox displays the address bar when window.open is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site...

5.8CVSS2.2AI score0.04745EPSS
Exploits1References29Affected Software4
Rows per page
Query Builder