Lucene search
K

8 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-304 Server-Side Request Forgery in calibreweb

calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery SSRF. This is due to an incomplete fix for CVE-2022-0339. The blacklist does not check for 0.0.0.0, which would result in a payload of 0.0.0.0 resolving to localhost...

9.8CVSS6.7AI score0.01284EPSS
Exploits1References6
NVD
NVD
added 2026/06/24 10:16 p.m.9 views

CVE-2026-55454

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default — is bound on 0.0.0.0:2019 inside the container. While this listener is not directly published to the host by...

9.9CVSS0.00328EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.16 views

dalfox 访问控制错误漏洞

Dalfox is an automated cross-site scripting scanning tool developed by HAHWUL. Versions of Dalfox prior to 2.13.0 contained a access control vulnerability. This vulnerability stemmed from the default binding of the REST API server to 0.0.0.0:6664, without the need for an API key. Additionally, th...

10CVSS5.9AI score0.01051EPSS
Exploits2References2
CVE
CVE
added 2026/05/08 10:21 p.m.26 views

CVE-2026-42339

CVE-2026-42339 (New API: SSRF Filter Bypass via 0.0.0.0) Affects New API (LLM gateway) up to v0.11.9-alpha.1. The SSRF protection is incomplete: 0.0.0.0/8 is not checked, allowing a regular user with a valid API token to request multimodal endpoints (/v1/chat/completions, /v1/responses, /v1/messa...

7.1CVSS5.8AI score0.00258EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/28 5:46 p.m.3 views

CVE-2026-24231

NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint URL referencing the 0.0.0.0/8 address range through a blueprint configuration file or CLI flag. A successful...

6.3CVSS5.3AI score0.00129EPSS
Exploits0References3
OSV
OSV
added 2025/12/02 12:35 a.m.2 views

GHSA-J4VQ-Q93M-4683 Keycloak has debug default bind address

A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...

6.8CVSS6.4AI score0.00432EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2021/01/20 12:0 a.m.13 views

coturn < 4.5.2 Loopback Bypass Vulnerability

coturn is prone to a loopback bypass vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.2CVSS6.9AI score0.01282EPSS
Exploits3References2
NVD
NVD
added 2016/12/26 8:59 a.m.21 views

CVE-2016-9223

A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator CCO; formerly CliQr could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. Affected Products: This vulnerability affect all releases of Cisco...

10CVSS9.2AI score0.02927EPSS
Exploits0References2
Rows per page
Query Builder