Imgproxy < 3.27.2 - Server-Side Request Forgery (SSRF)

imgproxy contains an issue caused by not blocking the 0.0.0.0 address even when IMGPROXYALLOWLOOPBACKSOURCEADDRESSES is set to false, letting local services be exposed, exploit requires network access. id: CVE-2025-24354 info: name: Imgproxy 3.27.2 - Server-Side Request Forgery SSRF author:...

io.quarkus/quarkus-rest: Quarkus REST Worker Thread Exhaustion Vulnerability

A flaw was found in the Quarkus REST HTTP layer. This vulnerability allows remote attackers to cause an application level denial of service by repeatedly dropping client connections while response chunks are being transmitted, leading to worker thread exhaustion...

VulnCheck KEV: CVE-2025-24354

imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

EUVD-2025-0172

Malicious code in bioql PyPI...

CVE-2025-24354

imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

SUSE CVE-2025-24354

imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

CVE-2025-24354

imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

CVE-2025-24354

Imgproxy (affected version: prior to 3.27.2) is vulnerable to SSRF through the 0.0.0.0 address when IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES is false. The check only blocks loopback addresses (127.x.x.x) and does not consider 0.0.0.0, allowing access to local-host services. The issue is confirmed...

CVE-2025-24354 imgproxy is vulnerable to SSRF against 0.0.0.0

imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

EulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1364)

According to the versions of the sqlite packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL...

Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2019-1814)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SQLite Memory Corruption Vulnerability

SQLite is the United States D. Richard Hipp software developers of a set of C-based open source embedded relational database management system. The system is characterized by independence, isolation, cross-platform and so on. A security vulnerability exists in SQLite version 3.27.2. Currently the...

SQLite Memory Corruption Vulnerability (CNVD-2019-43407)

SQLite is the United States D. Richard Hipp software developers of a set of C-based open source embedded relational database management system. The system is characterized by independence, isolation, cross-platform and so on. A security vulnerability exists in SQLite version 3.27.2. Currently the...

AZL-38326 CVE-2019-8457 affecting package ceph for versions less than 18.2.1-1

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode function when handling invalid rtree tables...

openSUSE Security Update : sqlite3 (openSUSE-2019-1159)

This update for sqlite3 to version 3.27.2 fixes the following issue : Security issue fixed : - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 Magellan bsc1119687. Release notes: https://www.sqlite.org/releaselog/3272.html This update was imported from the SUSE:SLE-15:Update...

Security update for sqlite3 (moderate)

openSUSE Security Update: Security update for sqlite3 Announcement ID: openSUSE-SU-2019:1159-1 Rating: moderate References: 1119687 Cross-References: CVE-2018-20346 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for sqlite3 ...

Heap overflow

In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5hash.c...

CVE-2019-9937

In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5hash.c and ext/fts5/fts5index.c...

CVE-2019-9936

In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5hash.c...

CVE-2019-9937

In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5hash.c and ext/fts5/fts5index.c...