CVE-2026-44797

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...

SUSE CVE-2023-4399

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn't call specific hosts. However, the restriction can be bypassed used punycode encoding of the...

Axios NPM package code issue vulnerability

Axios is an HTTP client based on Promise a solution for asynchronous programming. A security vulnerability exists in the Axios NPM package version 0.21.0, which can be exploited by an attacker to be able to bypass the proxy by providing a URL that responds to a restricted host or IP address via a...

UBUNTU-CVE-2019-12523

An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers,...