127 matches found
WWBN AVideo Code Issue Vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained code vulnerabilities. These vulnerabilities stemmed from not using the $resolvedIP output parameter from functions like EpgParser.php and...
CVE-2026-42559
RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamablehttpserver/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to...
CVE-2026-42344
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding TOCTOU — Time-of-Check to Time-of-Use. The function resolves the hostname via dns.resolve4/dns.resolve6 and check...
OpenClaw has an unspecified vulnerability (CNVD-2026-16699)
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to rebind the tool root path between validation and final write...
OpenClaw Security Vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the failure to properly secure the executable identity of argv0 tokens that were not path-related, which...
PT-2026-26074
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.442 through 2.554; Jenkins LTS versions 2.426.3 through 2.541.2. Description: The software does not properly validate the origin of requests made through the CLI WebSocket endpoint. It calculates the expected origin using the...
Exposed Dangerous Method or Function
Overview: playwright is a high-level API to automate web browsers. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via missing validation of the Origin header on incoming connections. An attacker can gain unauthorized access to locally running endpoints b...
PT-2026-1558
Name of the Vulnerable Software and Affected Versions: Microsoft Playwright MCP Server versions prior to 0.0.40. Description: The software does not properly validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and se...
CVE-2025-9614
CVE-2025-9614 is part of PCIe IDE vulnerabilities described in multiple sources (PCI-SIG/PCIe IDE spec). The issue: insufficient guidance on re-keying/stream flushing during device rebinding can allow stale writes from one security context to be processed in a new one, compromising confidentialit...
Liferay Portal and Liferay DXP Security Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB and JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
GO-2025-3991 Coder AgentAPI exposed user chat history via a DNS rebinding attack in github.com/coder/agentapi
Coder AgentAPI exposed user chat history via a DNS rebinding attack in github.com/coder/agentapi...
DNS Rebinding and Manipulating CORS Headers Enables Exfiltration of Information
Overview: A vulnerability in cross-origin resource sharing (CORS) headers in Chromium, Google Chrome, Microsoft Edge, Safari, and Firefox enables the CORS policy to be manipulated. Combined with a DNS rebind, an attacker can send arbitrary requests to services listening on arbitrary ports regardless...
EUVD-2007-5253
Malware in sbrugna...
EUVD-2018-3355
Malware in sbrugna...
EUVD-2021-16073
Malware in sbrugna...
EUVD-2021-0816
Malware in sbrugna...
EUVD-2007-5254
Malware in sbrugna...
EUVD-2021-10017
Malware in sbrugna...
EUVD-2019-10883
Malware in sbrugna...
EUVD-2020-19485
Malware in sbrugna...