Lucene search
K

63 matches found

CVE
CVE
added 6 days ago17 views

CVE-2026-46611

Glances XML-RPC server (glances/server.py) before 4.5.5 does not validate the HTTP Host header, enabling DNS rebinding attacks to exfiltrate the victim’s monitoring data. The vulnerability affects the XML-RPC backend used by glances -s (XML-RPC path /RPC2) and allows an attacker to cause the brow...

5.3CVSS5.9AI score0.00156EPSS
Exploits0References2
CVE
CVE
added last week7 views

CVE-2026-53945

CVE-2026-53945 affects Ghost CMS: from 6.0.9 up to 6.21.1, the private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing the Ghost server to reach internal hosts through features that issue external fetches. Remediation: upgrade to Ghost 6.21.1 or later. Impact per...

4CVSS5.9AI score0.0014EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in etcd

A DNS rebinding vulnerability has been discovered in etcd 3.3.1 and earlier versions. An attacker can manipulate their DNS records to direct requests to localhost, thereby tricking the browser into sending requests to localhost or any other address...

5.5CVSS6.3AI score0.00512EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/11 7:17 p.m.7 views

EUVD-2026-36308

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...

7.4CVSS5.5AI score0.00265EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/11 7:17 p.m.9 views

CVE-2026-53782 Summarize < 0.17.0 SSRF via podcast:transcript URL fetch

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...

7.4CVSS5.3AI score0.00265EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.11 views

PT-2026-48732

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...

7.4CVSS5.5AI score0.00265EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.11 views

CVE-2026-1089

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...

6.5CVSS5.5AI score0.00229EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/05 4:19 p.m.15 views

NocoDB: Server-Side Request Forgery via Database Connection Host

Summary The connection-test endpoint opened a raw TCP socket to the user-supplied database host without resolving and range-checking the destination, so private and link-local addresses including IPv4-mapped IPv6 forms and localhost reached the driver. Details A new validateDbConnectionHost helpe...

5.3CVSS5.5AI score0.00207EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:0 p.m.13 views

dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport

Summary dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive rmcp dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local dynoxide mcp --http or dynoxide serve --mcp server with a non-loopback Host...

8.8CVSS5.8AI score0.00213EPSS
Exploits0References4Affected Software2
RedhatCVE
RedhatCVE
added 2026/05/15 6:8 a.m.11 views

CVE-2026-42559

A flaw was found in rmcp, the official Rust SDK for the Model Context Protocol. The Streamable HTTP server transport in rmcp failed to validate the incoming Host header, enabling a malicious public website to exploit this through a DNS rebinding attack. This allows the attacker to send...

8.8CVSS5.6AI score0.00213EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 3:30 p.m.41 views

CVE-2026-42592 Gotenberg: DNS rebinding bypasses SSRF validation on Chromium URL conversion routes

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when i...

5.3CVSS0.00186EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/14 2:24 p.m.7 views

EUVD-2026-30292

RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamablehttpserver/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to...

8.8CVSS5.8AI score0.00213EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-39207

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.14.12 Description The isInternalAddress function in packages/service/common/system/utils.ts is susceptible to DNS rebinding, a Time-of-Check to Time-of-Use TOCTOU issue. The function validates a hostname by resolvin...

6.3CVSS5.8AI score0.00148EPSS
Exploits0References3
CVE
CVE
added 2026/05/07 1:52 p.m.12 views

CVE-2026-41688

Wallos (versions ≤ 4.8.4) has an incomplete SSRF fix: the webhook URL is validated with gethostbyname(), but the original hostname is passed to curl without CURLOPT_RESOLVE pinning on 10 of 11 outbound HTTP endpoints, creating a DNS rebinding TOCTOU window. At publication, no patches are availabl...

7.7CVSS7.3AI score0.00227EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 1:52 p.m.7 views

CVE-2026-41688 Incomplete fix for CVE-2026-33399: SSRF in Wallos

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname but passes the original hostname to cURL without CURLOPTRESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DNS...

7.7CVSS7.3AI score0.00227EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 8:16 p.m.4 views

CVE-2026-43582

OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attackers can exploit inconsistent hostname resolution between validation and actual network requests to...

6.3CVSS0.00199EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/21 10:25 p.m.33 views

CVE-2026-41055 AVideo has an incomplete fix for CVE-2026-33039 (SSRF)

WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds isSSRFSafeURL validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding between validation and the actual HTTP request redirects traffic to internal...

8.6CVSS0.00377EPSS
Exploits1References4
CVE
CVE
added 2026/04/21 2:14 p.m.15 views

CVE-2026-1089

The CVE-2026-1089 affects Fortra’s GoAnywhere MFT prior to version 7.10.0, where a user‑controlled HTTP header can trigger DNS lookups, DNS rebinding, and information disclosure. The vulnerability involves an HTTP header handling flaw that can be exploited by an unauthenticated network attacker (...

6.5CVSS5.8AI score0.00229EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/13 9:16 p.m.3 views

CVE-2026-33659

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery SSRF via a DNS rebinding TOCTOU condition. Host validation uses dnsgetrecord but the actual HTTP...

3.5CVSS0.00333EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.4 views

PT-2026-32517

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery SSRF via a DNS rebinding TOCTOU condition. Host validation uses dns get record but the actual HTTP...

3.5CVSS6.4AI score0.00333EPSS
Exploits1References5
Rows per page
Query Builder