Lucene search
K

9 matches found

EUVD
EUVD
added 2026/06/26 7:17 p.m.12 views

EUVD-2026-37512

pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses incomplete fix of CVE-2026-46678...

6.8CVSS5.8AI score0.00332EPSS
Exploits0References5
CVE
CVE
added 2026/06/16 10:49 p.m.32 views

CVE-2026-48782

CVE-2026-48782 affects Pydantic AI (versions 1.56.0–1.101.0, 2.0.0b1, 2.0.0b2) where the cloud-metadata blocklist can be bypassed by IPv6 transition forms that previous fixes did not decode. The IPv6 forms bypassing the blocklist can expose cloud IAM short-term credentials when an app uses force_...

6.8CVSS5.3AI score0.00332EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/16 9:0 p.m.12 views

Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)

Summary The Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints e.g. 169.254.169.254 despite...

7.5CVSS5.5AI score0.00267EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/16 9:0 p.m.7 views

GHSA-4QQR-VV2Q-CMR5 Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)

Summary The Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints e.g. 169.254.169.254 despite...

7.5CVSS5.5AI score0.00267EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-50129

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. In versions 1.56.0 through 1.101.0, 2.0.0b1, and 2.0.0b2, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form that the previous fix, CVE-2026-46678...

6.8CVSS5.3AI score0.00332EPSS
Exploits0References7
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/16 12:0 a.m.10 views

Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)

The Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints e.g. 169.254.169.254 despite the...

7.5CVSS5.3AI score0.00267EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/27 9:41 a.m.11 views

Server-side Request Forgery (SSRF)

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF. The NoPrivateNetworkHttpClient is designed to be a security boundary that blocks requests to private/interna...

8.8CVSS5.8AI score0.00029EPSS
Exploits0References2
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.8 views

CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient

More info at https://symfony.com/cve-2026-48736...

5.8AI score0.00029EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.29 views

CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient

More info at https://symfony.com/cve-2026-48736...

5.8AI score0.00029EPSS
Exploits0Affected Software1
Rows per page
Query Builder