56 matches found
CVE-2026-48780 Forem vulnerable to bypass of email address domain restrictions
Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of a2ab6d4. As a workaround,...
QuantumNous/new-api has an SSRF Filter Bypass via 0.0.0.0
SSRF Filter Bypass via 0.0.0.0. Summary: The SSRF protection introduced in v0.9.0.5 (CVE-2025-59146) and hardened in v0.9.6 (CVE-2025-62155) does not block the unspecified address 0.0.0.0. A regular non-admin user holding any valid API token can send a multimodal request to /v1/chat/completions,...
CVE-2026-40199
Net::CIDR::Lite versions before 0.23 for Perl mishandle IPv4-mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4-mapped addresses like ::ffff:192.168.1.1. This produces an 18-byte value instead of...
CLSA-2026-1769511237 ruby: Fix of 2 CVEs
CVE-2025-61594: fix incomplete fix for CVE-2025-27221, which allowed credential leaks to persist in URI; CVE-2025-27221: fix credential leak by correctly truncating userinfo...
EUVD-2017-3449
Malware in sbrugna...
EUVD-2010-3828
Malware in sbrugna...
EUVD-2018-1678
Malware in sbrugna...
EUVD-2019-4473
Malware in sbrugna...
EUVD-2020-12265
Malware in sbrugna...
EUVD-2013-3830
Malware in sbrugna...
EUVD-2018-18080
Malware in sbrugna...
EUVD-2019-17773
Malware in sbrugna...
EUVD-2005-0022
Malware in sbrugna...
EUVD-2021-32482
Malicious code in bioql PyPI...
EUVD-2025-1726
Malicious code in bioql PyPI...
EUVD-2025-9401
Malicious code in bioql PyPI...
PT-2025-37863
Name of the Vulnerable Software and Affected Versions: ip aka node-ip versions through 2.0.1. Description: The ip aka node-ip package may allow Server-Side Request Forgery (SSRF) due to the improper categorization of the IP address value 017700000001 as globally routable via the isPublic function. Thi...
CVE-2025-59437
The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection...
GHSA-FQ34-XW6C-FPHF Fides Webserver API Rate Limiting Vulnerability in Proxied Environments
Summary The Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs rather than client IPs, and stores counters in-memory rather than in a...
StudentManage Security Vulnerability
StudentManage is a student management system by DayCloud Individual Developer in China. A security vulnerability in StudentManage version 1.0 stems from improper handling of the component /admin/adminStudentUrl and could lead to an SQL injection attack...