52 matches found
GHSA-M547-HP4W-J6JX Vikunja has a Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers
Summary Unauthenticated users are able to bypass the application's built-in rate-limits by spoofing the X-Forwarded-For or X-Real-IP headers due to the rate-limit relying on the value of echo.Context.RealIP. Details In the first file below, the rate-limit for unauthenticated users can be observed...
CVE-2026-29794 Vikunja has Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers
Vikunja is an open-source self-hosted task management platform. Starting in version 0.8 and prior to version 2.2.0, unauthenticated users are able to bypass the application's built-in rate-limits by spoofing the X-Forwarded-For or X-Real-IP headers due to the rate-limit relying on the value of...
CVE-2026-29794 Vikunja has Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers
Vikunja is an open-source self-hosted task management platform. Starting in version 0.8 and prior to version 2.2.0, unauthenticated users are able to bypass the application's built-in rate-limits by spoofing the X-Forwarded-For or X-Real-IP headers due to the rate-limit relying on the value of...
CVE-2026-29794 Vikunja has Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers
Vikunja is an open-source self-hosted task management platform. Starting in version 0.8 and prior to version 2.2.0, unauthenticated users are able to bypass the application's built-in rate-limits by spoofing the X-Forwarded-For or X-Real-IP headers due to the rate-limit relying on the value of...
CVE-2026-29794
Vikunja (open-source self-hosted task management) before version 2.2.0 is affected by a rate-limit bypass vulnerability. The issue arises because rate-limiting is enforced using (echo.Context).RealIP, and unauthenticated requests can spoof headers X-Forwarded-For or X-Real-IP to bypass limits. Th...
Vikunja has a Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers
Unauthenticated users are able to bypass the application's built-in rate-limits by spoofing the X-Forwarded-For or X-Real-IP headers due to the rate-limit relying on the value of echo.Context.RealIP...
CVE-2025-69240
Raytha CMS contains a vulnerability where an attacker can spoof X-Forwarded-Host or Host headers to direct a password reset email to a attacker-controlled domain. If a victim clicks the reset link, the token is exposed to the attacker, enabling password reset and account takeover. The issue is do...
CVE-2026-28465
OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authentication vulnerability in webhook verification that allows remote attackers to bypass verification by supplying untrusted forwarded headers. Attackers can spoof webhook events by manipulating Forwarded or X-Forwarded-...
CVE-2026-21862 RustFS sourceIp bypass via spoofed X-Forwarded-For/Real-IP headers
RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: getconditionvalues trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy...
CVE-2026-21862
RustFS had an authorization bypass vulnerability in IP-based access control prior to alpha.78. The get_condition_values logic trusts client-supplied X-Forwarded-For/X-Real-IP without proxy verification, allowing reachable clients to spoof aws:SourceIp and defeat IP allowlists. This can enable una...
CVE-2026-1664 Insecure Direct Object Reference (IDOR) via Header-Based Email Routing
Summary An Insecure Direct Object Reference has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...
PT-2026-6412
Summary IP-based access control can be bypassed: get condition values trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy IP-allowlist policies. Details - Vulnerable code: rustfs/src/auth.rs:289-304 sets...
DEBIAN-CVE-2026-21881
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSEPROXYAUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...
CVE-2026-21881 Kanboard is Vulnerable to Reverse Proxy Authentication Bypass
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSEPROXYAUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...
CVE-2026-21881 Kanboard is Vulnerable to Reverse Proxy Authentication Bypass
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSEPROXYAUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...
CVE-2026-21881
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSEPROXYAUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...
Linux Distros Unpatched Vulnerability : CVE-2026-21881
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when...
PT-2026-2118
Name of the Vulnerable Software and Affected Versions Kanboard versions 1.2.48 and below Description Kanboard is project management software based on the Kanban methodology. When the REVERSE PROXY AUTH setting is enabled, the application does not properly verify the source of HTTP headers used fo...
EUVD-2024-55343
xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the filehosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif,...
CVE-2025-66577
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X-Forwarded-For or X-Real-IP headers which...