4 matches found
ALPINE-CVE-2026-48715
radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the radvdump utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, printff copies up to 2032 bytes from attacker-controlled...
CVE-2026-39087
ntfy before 2.22.0 allows SSRF because of an unanchored regular expression for web push endpoint URLs...
ntfy 代码注入漏洞
NTFY is a notification service system developed by Philipp Heckel, designed to enable cross-device message delivery through the publish-subscribe mechanism. Versions of NTFY prior to version 2.21 contained a code injection vulnerability. This vulnerability stemmed from issues with the parseAction...
CVE-2025-60898
An unauthenticated server-side request forgery SSRF vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a server-side GET to a...