
9 matches found

NVD
added yesterday · 4 views

CVE-2026-53754

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach...

7.5 CVSS · 0.00111 EPSS
Exploits 0 · References 1
Nuclei
added yesterday · 34 views

Imgproxy < 3.27.2 - Server-Side Request Forgery (SSRF)

imgproxy contains an issue caused by not blocking the 0.0.0.0 address even when IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES is set to false, which exposes local services; exploitation requires network access. id: CVE-2025-24354 info: name: Imgproxy 3.27.2 - Server-Side Request Forgery SSRF author:...

5.3 CVSS · 7 AI score · 0.00834 EPSS
Exploits 0 · References 2
Anthropic
added 2026/03/30 11:19 p.m. · 35 views

ANT-2026-6DSMTXZ8 · mastodon · SSRF

ssrf high GHSA-crr4-7rm4-8gpw Severity Claude high · Security research firm high · Maintainer unknown Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Doyensec. ANT-2026-6DSMTXZ8: SSRF Bypass via IPv6 Unspecified...

5.9 AI score
Exploits 0
Github Security Blog
added 2026/03/25 8:23 p.m. · 4 views

Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

Summary: The v4_is_invalid function in activitypub-federation-rust (src/utils.rs) does not check for Ipv4Addr::UNSPECIFIED (0.0.0.0). An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 (GHSA-7723-35v7-qcxw),...

6.5 CVSS · 5.9 AI score · 0.00359 EPSS
Exploits 2 · References 5 · Affected Software 1
SUSE CVE
added 2023/09/14 2:9 a.m. · 3 views

SUSE CVE-2023-4527

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data...

7.5 CVSS · 6.4 AI score · 0.01508 EPSS
Exploits 1 · References 4
CNVD
added 2017/12/06 12:0 a.m. · 3 views

Linux kernel memory misreference vulnerability (CNVD-2018-00233)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory misreference vulnerability exists in the dccp_disconnect function in net/dccp/proto.c in 4.14.3 and earlier...

7.8 CVSS · 7.5 AI score · 0.01355 EPSS
Exploits 5 · References 1
OSV
added 2017/12/05 9:29 a.m. · 1 views

DEBIAN-CVE-2017-8824

The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state...

7.8 CVSS · 6.2 AI score · 0.01355 EPSS
Exploits 5 · References 1
BDU FSTEC
added 2017/02/13 12:0 a.m. · 4 views

The vulnerabilities of the library that provides system calls and core functions in glibc allow a malicious actor to cause a service failure or execute arbitrary code.

Multiple vulnerabilities exist in the send_dg and send_vc functions of the libresolv module of glibc, the library that provides system calls and core functions. These vulnerabilities allow a malicious actor to trigger service failures or execute arbitrary code through a specially crafte...

6.8 CVSS · 8.2 AI score · 0.89557 EPSS
Exploits 17 · References 8 · Affected Software 1
Exploit DB
added 2008/08/29 12:0 a.m. · 43 views

Sun Solaris 10 - snoop(1M) Utility Remote Command Execution

/ hoagiesnoop.c SUN SOLARIS SNOOP REMOTE EXPLOIT + Sun Solaris 8/9/10 + OpenSolaris /tmp/.patch.your.system.txt' now ... done attack:/exploits admin@opensolaris: snoop port 445 Using device pcn0 promiscuous mode sh1: ᅵSMBr: not found No such file or directory WARNING: received signal 11 from...

7.4 AI score
Exploits 0