10 matches found
CVE-2026-47160
Vaultwarden is affected by a server-side request forgery (SSRF) in the /icons/{domain}/icon.png endpoint, where decimal/hexadecimal/octal IP representations bypassed should_block_address() and post_resolve() checks, enabling blind internal network or port discovery. The issue is fixed in version ...
CVE-2026-33534
EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery SSRF vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation e.g.,...
nodejs: DNS rebinding in inspect via invalid octal IP address
A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code...
nodejs: DNS rebinding in inspect via invalid octal IP address
A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code...
nodejs: DNS rebinding in inspect via invalid octal IP address
A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code...
nodejs: DNS rebinding in inspect via invalid octal IP address
A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code...
nodejs: DNS rebinding in inspect via invalid octal IP address
A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code...
The vulnerability of the --inspect parameter implementation in Node.js’s object manipulation tools allows attackers to execute arbitrary code.
The vulnerability of the --inspect parameter in the Node.js object manipulation tool is related to errors during the conversion of the octal IP address. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2022-5492 · Node.Js +9 · Node.Js +9
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 14.21.1 Node.js versions prior to 16.18.1 Node.js versions prior to 18.12.1 Node.js versions prior to 19.0.1 Description: A OS Command Injection vulnerability exists in Node.js due to an insufficient IsAllowedHost...
PT-2016-5814 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 4.5 Description: The issue allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address, as WordPress does not consider octal and hexadecimal IP address formats when determining an...