Lucene search
K

14 matches found

OSV
OSV
added 2026/07/06 5:30 p.m.9 views

GHSA-794R-5RP2-FPG8 flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT64) in validate_url_ssrf

Summary flyto-core's SSRF protection validateurlssrf / isprivateip in src/core/utils.py blocks private and metadata destinations by resolving the host and testing the resulting IP for membership in a hardcoded PRIVATEIPRANGES list. That list contains only the native RFC 1918 / loopback / link-loc...

7.1CVSS6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5244 Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes in github.com/gotenberg/gotenberg

Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes in github.com/gotenberg/gotenberg...

5.8AI score0.00051EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-51096

Name of the Vulnerable Software and Affected Versions Mailpit versions prior to 1.30.2 Description An incomplete Server-Side Request Forgery SSRF protection exists in the Link Check API. The tools.IsInternalIP deny-list in internal/tools/net.go fails to block certain IPv6 transition mechanisms an...

5.8CVSS6.1AI score0.00282EPSS
Exploits0References7
OSV
OSV
added 2026/05/29 4:50 p.m.21 views

GHSA-86M8-88FQ-XFXP Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes

Summary IsPublicIP in pkg/gotenberg/outbound.go incorrectly classifies IPv6 6to4 / NAT64 / deprecated site-local addresses as public IPs, allowing an unauthenticated attacker to reach internal destinations e.g., cloud metadata services at 169.254.169.254 via a single crafted DNS AAAA record. This...

7.5CVSS5.9AI score0.00051EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-45014

Name of the Vulnerable Software and Affected Versions Gotenberg affected versions not specified Description An unauthenticated attacker can bypass the SSRF deny-list by using a crafted DNS AAAA record. The IsPublicIP function in pkg/gotenberg/outbound.go incorrectly classifies certain IPv6...

7.5CVSS5.9AI score0.00051EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/14 9:2 p.m.11 views

CVE-2026-44430 MCP Registry: Unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling...

6.3CVSS5.9AI score0.00285EPSS
Exploits1References1
OSV
OSV
added 2026/05/14 9:2 p.m.2 views

CVE-2026-44430 MCP Registry: Unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling...

6.3CVSS6.1AI score0.00285EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/14 9:2 p.m.43 views

CVE-2026-44430 MCP Registry: Unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling...

6.3CVSS0.00285EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/14 9:2 p.m.13 views

EUVD-2026-30488

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling...

6.3CVSS5.9AI score0.00285EPSS
Exploits1References1
CVE
CVE
added 2026/05/14 9:2 p.m.47 views

CVE-2026-44430

CVE-2026-44430 affects the MCP Registry: unauthenticated SSRF via the HTTP namespace verification that dials attacker-controlled domains. The root cause is an allowlist that only covers classic IPv4-derived categories and a manual CGNAT range, while omitting IPv6 prefixes that embed IPv4—specific...

6.3CVSS5.9AI score0.00285EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

MCP Registry 代码问题漏洞

MCP Registry is an open-source MCP server application store developed by Model Context Protocol. Versions of MCP Registry prior to 1.7.7 contained code vulnerabilities. These vulnerabilities stemmed from HTTP-based namespace verification, which used safeDialContext to dial private/internal...

6.3CVSS6AI score0.00285EPSS
Exploits1References1
OSV
OSV
added 2026/05/08 5:20 p.m.9 views

GHSA-R48C-V28R-PF6V MCP Registry has an unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist

Summary The Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling private/internal addresses when fetching the well-known public-key file from a publisher-supplied domain. The...

6.3CVSS5.9AI score0.00285EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/02/04 12:0 a.m.12 views

PT-2022-12383 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0u.6118 B20201102 Description: A stack overflow was discovered in the setIpv6Cfg function, allowing attackers to cause a Denial of Service DoS via the relay6to4 parameters. Recommendations: For TOTOLINK X5000R...

7.8CVSS7.6AI score0.01175EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2019/10/31 12:0 a.m.15 views

PT-2019-4882 · Xen +1 · Xen +1

Name of the Vulnerable Software and Affected Versions: Xen versions 4.6 through 4.12.x Description: The issue is related to incorrect error handling for a malformed format character in the hypercall initialise function of the Xen hypervisor. This can be exploited by a remote attacker to cause a...

9.8CVSS7.4AI score0.16658EPSS
Exploits4References182
Rows per page
Query Builder