Allocation of Resources Without Limits or Throttling
Overview: zeroconf is a pure-Python Multicast DNS Service Discovery library (Bonjour/Avahi compatible). Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via DNSCache.asyncadd. Any unauthenticated host on the local link can exhaust system...
CVE-2026-9818
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
New API Code Issue Vulnerability
New API is interface software developed by QuantumNous. Versions of New API prior to 0.11.9-alpha.1 contained code vulnerabilities. These vulnerabilities stemmed from the lack of SSRF protection for the unspecified address 0.0.0.0, which could allow users with valid API tokens to bypas...
Nocobase Security Vulnerability
Nocobase is an open-source low-code platform developed by NocoBase. Versions of NocoBase prior to 2.0.37 contained security vulnerabilities. These vulnerabilities stemmed from the lack of SSRF protection when the workflow HTTP request plugin and custom request operation plugins initiated...
CVE-2026-35540
An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...
ZITADEL has potential SSRF via Actions
Summary: ZITADEL Action V2, introduced as an early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0, is a webhook-based approach that allows developers to act on API requests to ZITADEL and customize flows such as the issuance of a token. ZITADEL's Action target URLs can point to local hosts, potentially allowing...
PT-2026-22070
Name of the Vulnerable Software and Affected Versions: ZITADEL versions 2.59.0 through 4.10.0 Description: ZITADEL is an open source identity management platform. The Zitadel Action V2 feature, introduced as an early preview in version 2.59.0, beta in 3.0.0, and generally available in 4.0.0, allows...
CVE-2026-22245 Mastodon has SSRF Protection bypass
Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has a protection mechanism to disallow requests to local IP addresses unless they are specified in ALLOWED_PRIVATE_ADDRESSES to...
CVE-2024-51407
Floodlight SDN OpenFlow Controller v.1.2 has an issue that allows local hosts to construct false broadcast ports causing inter-host communication anomalies...
CVE-2024-51406
Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts inside and outside the cluster...
CVE-2024-13741
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pmuploadimage function. This makes it possible for authenticated attackers, with Subscriber-level access and abov...
Floodlight OpenFlow Controller Security Vulnerability
Floodlight OpenFlow Controller OSS is a Java-based open source enterprise SDN controller from the Floodlight open source project. A security vulnerability exists in Floodlight OpenFlow Controller version 1.2, which stems from allowing local hosts to construct fake LLDP packets, which can lead to hosts inside...
PT-2024-34621 · Unknown · Open Floodlight Sdn Controller
Name of the Vulnerable Software and Affected Versions: Floodlight SDN OpenFlow Controller version 1.2 Description: The issue allows local hosts to construct false broadcast ports, causing inter-host communication anomalies. Recommendations: For Floodlight SDN OpenFlow Controller version 1.2,...
Floodlight OpenFlow Controller Security Vulnerability
Floodlight OpenFlow Controller OSS is a Java-based open source enterprise SDN controller from the Floodlight open source project. A security vulnerability exists in Floodlight OpenFlow Controller version 1.2 that stems from allowing local hosts to construct fake broadcast ports, which can lead to abnormal...
dotCMS Code Issue Vulnerability
dotCMS is a content management system (CMS) from the United States company dotCMS. The system supports modules such as RSS feeds, blogs, and forums, and is easy to extend and build on. A security vulnerability exists in dotCMS versions 5.x through 22.06, which stems from TempFileAPI allowing a user to create a tempora...
CVE-2017-20066
A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used...