Browse and filter security vulnerabilities across ecosystems
Browse and filter security vulnerabilities across ecosystems
9router: Unauthenticated `/v1` proxy access via `Host`-header spoofing → open AI relay + SSRF
Hermes WebUI < 0.51.307 Authentication Bypass via X-Forwarded-For Header Spoofing
Hono: API Gateway v1 adapter can drop a distinct repeated request header value during de-duplication
In sshd in OpenSSH before 10
Dell PowerProtect Data Domain, versions 7
LibreTranslate - IP Spoofing via X-Forwarded-For Header
Hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest
Canonical ADSys Trust Store Poisoning via Plaintext HTTP Certificate Auto-Enrollment
ProxySQL: PROXY-Protocol-v1 UNKNOWN parses spoofed source IP, bypassing mysql_query_rules.client_addr ACL
Apache APISIX: wolf-rbac plugin Identity Spoofing
OfflineIMAP before 8
HestiaCP 1.2.0-1.9.4 IP Spoofing via CF-Connecting-IP Header
Cleanuparr: X-Forwarded-For leftmost parsing allows remote unauthenticated admin takeover when reverse-proxy mode is enabled
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file
Bulwark Webmail getClientIP() trusted client-controlled X-Forwarded-For value, enabling rate limit bypass and audit log forgery
Shynet before 0
URL (HTTP Origin) call location spoofing in Szafir SDK Web
AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr()
Fastify request.protocol and request.host spoofable via X-Forwarded-Proto/Host from untrusted connections when trustProxy uses restrictive trust fu...
Header Poisoning in Raytha CMS
Showing 1 - 20 of 1,000+ results