Lucene search
+L

10 matches found

cve
cve
added yesterday9 views

CVE-2026-47160

Vaultwarden is affected by a server-side request forgery (SSRF) in the /icons/{domain}/icon.png endpoint, where decimal/hexadecimal/octal IP representations bypassed should_block_address() and post_resolve() checks, enabling blind internal network or port discovery. The issue is fixed in version ...

5.8CVSS6.1AI score0.00048EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/04/13 7:20 p.m.1 views

CVE-2026-33534

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery SSRF vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation e.g.,...

6.5CVSS5.8AI score0.01978EPSS
Exploits5References3Affected Software1
redhat
redhat
added 2023/04/12 3:4 p.m.2 views

nodejs: DNS rebinding in inspect via invalid octal IP address

A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code...

8.1CVSS7.4AI score0.14024EPSS
Exploits0References5
redhat
redhat
added 2023/03/30 1:6 p.m.3 views

nodejs: DNS rebinding in inspect via invalid octal IP address

A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code...

8.1CVSS7.4AI score0.14024EPSS
Exploits0References5
redhat
redhat
added 2023/01/23 3:20 p.m.2 views

nodejs: DNS rebinding in inspect via invalid octal IP address

A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code...

8.1CVSS7.4AI score0.14024EPSS
Exploits0References5
redhat
redhat
added 2023/01/09 2:55 p.m.5 views

nodejs: DNS rebinding in inspect via invalid octal IP address

A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code...

8.1CVSS7.4AI score0.14024EPSS
Exploits0References5
redhat
redhat
added 2022/12/06 3:39 p.m.5 views

nodejs: DNS rebinding in inspect via invalid octal IP address

A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code...

8.1CVSS7.4AI score0.14024EPSS
Exploits0References5
bdu_fstec
bdu_fstec
added 2022/11/17 12:0 a.m.7 views

The vulnerability of the --inspect parameter implementation in Node.js’s object manipulation tools allows attackers to execute arbitrary code.

The vulnerability of the --inspect parameter in the Node.js object manipulation tool is related to errors during the conversion of the octal IP address. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.8CVSS7AI score0.14024EPSS
Exploits0References16Affected Software8
ptsecurity
ptsecurity
added 2022/11/04 12:0 a.m.2 views

PT-2022-5492 · Node.Js +9 · Node.Js +9

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 14.21.1 Node.js versions prior to 16.18.1 Node.js versions prior to 18.12.1 Node.js versions prior to 19.0.1 Description: A OS Command Injection vulnerability exists in Node.js due to an insufficient IsAllowedHost...

9.8CVSS7.5AI score0.81464EPSS
Exploits13References240
ptsecurity
ptsecurity
added 2016/08/07 12:0 a.m.3 views

PT-2016-5814 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 4.5 Description: The issue allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address, as WordPress does not consider octal and hexadecimal IP address formats when determining an...

8.8CVSS5.8AI score0.04565EPSS
Exploits0References22
Rows per page
Query Builder