Lucene search
+L

5 matches found

ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-63088

stoatchat before 0.14.0 contains a server-side request forgery SSRF vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the urlisblacklisted function, which inspects only the first resolved...

8.6CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added yesterday5 views

EUVD-2026-44970

stoatchat before 0.14.0 contains a server-side request forgery SSRF vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the urlisblacklisted function, which inspects only the first resolved...

8.6CVSS6.1AI score
Exploits0References4
CVE
CVE
added yesterday8 views

CVE-2026-63088

In StoatChat, CVE-2026-63088 affects stoatchat before 0.14.0 with an SSRF flaw. The vulnerability stems from incomplete address validation in url_is_blacklisted, which only inspects the first resolved address while the HTTP client iterates all cached addresses, enabling unauthenticated, network-a...

8.6CVSS6.1AI score
Exploits0References4
CVE
CVE
added yesterday8 views

CVE-2024-58360

CVE-2024-58360 affects stoatchat versions before 0.7.8. The issue: account creation restrictions (invite-only, email verification, captcha, shield verification) are not enforced, allowing attackers to create unlimited accounts with unverified emails. Impacts include higher denial-of-service risk ...

6.9CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday8 views

CVE-2026-63306

The CVE-2026-63306 issue affects stoatchat prior to 0.13.5 and is an unauthenticated server-side request forgery (SSRF) in the /proxy and /embed endpoints. The vulnerability allows supplying arbitrary URLs without DNS resolution filtering or private IP range validation, enabling attackers to enum...

9.2CVSS6.2AI score
Exploits0References2
Rows per page
Query Builder