Lucene search
+L

9 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 6:37 p.m.14 views

Security Bulletin: IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services

Summary A Time-of-Check to Time-of-Use TOCTOU vulnerability in IBM Langflow Desktop's SSRF protection allows authenticated attackers to bypass internal network access restrictions using DNS rebinding attacks. The validateurlforssrf function validates URLs using socket.getaddrinfo, but...

5.4CVSS5.6AI score0.00138EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/08 10:26 p.m.41 views

CVE-2026-42346 Postiz: TOCTOU DNS rebinding bypasses all SSRF URL validation paths

Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4–v2.21.6 share a fundamental TOCTOU Time-of-Check-Time-of-Use vulnerability: isSafePublicHttpsUrl resolves DNS to validate the target IP, but subsequent fetch calls...

6.5CVSS0.00224EPSS
Exploits0References3
CVE
CVE
added 2026/05/07 8:46 p.m.28 views

CVE-2026-42449

Summary: CVE-2026-42449 affects n8n-mcp SDK embedder paths where SSRF protection (SSRFProtection.validateUrlSync) fails to validate IPv4-mapped IPv6 addresses, enabling an attacker-controlled n8nApiUrl to cause the server to make HTTP requests to internal networks, cloud metadata endpoints, or lo...

8.5CVSS5.8AI score0.00206EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/27 7:21 p.m.9 views

CVE-2026-31943 LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

8.5CVSS5.9AI score0.00213EPSS
Exploits1References3
OSV
OSV
added 2026/02/23 10:16 p.m.6 views

GHSA-GP2F-7WCM-5FHX Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding

Summary The SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebinding attacks, where an attacker’s DNS server returns different IP addresses for validation compared to t...

7CVSS6.2AI score0.00446EPSS
Exploits1References10
Cvelist
Cvelist
added 2026/01/28 7:12 p.m.33 views

CVE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...

7.6CVSS0.003EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-10553

Malware in sbrugna...

8.6CVSS8.8AI score0.01058EPSS
Exploits0References4
Huntr
Huntr
added 2021/06/20 5:13 p.m.15 views

Server-Side Request Forgery (SSRF) in kalcaddle/kodexplorer

✍️ Description SSRF protection bypass via crafted payload which leads to SSRF. 🕵️‍♂️ Proof of Concept Payload: 2130706433 This is the decimal way of representing localhost which resolves to localhost. 💥 Impact This vulnerability is capable of SSRF...

2.1AI score
Exploits0
Hacker One
Hacker One
added 2015/05/11 9:42 p.m.39 views

Slack: Bypass of the SSRF protection (Slack commands, Phabricator integration)

Abstract Some Slack features like "Integrations / Phabricator" and "Integration / Slash Commands" allow users to submit URL that will be accessed by the backend servers. A blacklist tries to forbid access to internal resources loopback, 10.0.0.0/8, 192.168.0.0/24, .... This blacklist can be...

0.1AI score
Exploits0
Rows per page
Query Builder