QuantumNous/new-api has an SSRF Filter Bypass via 0.0.0.0

SSRF Filter Bypass via 0.0.0.0 Summary The SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular non-admin user holding any valid API token can send a multimodal request to /v1/chat/completions,...

CVE-2026-40199

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

CLSA-2026-1769511237 ruby: Fix of 2 CVEs

CVE-2025-61594: fix incomplete fix for CVE-2025-27221 which allowed credential leaks to persist in URI+ CVE-2025-27221: fix credential leak by correctly truncating userinfo...

EUVD-2019-17773

Malware in sbrugna...

EUVD-2005-0022

Malware in sbrugna...

EUVD-2013-3830

Malware in sbrugna...

EUVD-2020-12265

Malware in sbrugna...

EUVD-2018-1678

Malware in sbrugna...

EUVD-2010-3828

Malware in sbrugna...

EUVD-2019-4473

Malware in sbrugna...

EUVD-2017-3449

Malware in sbrugna...

EUVD-2018-18080

Malware in sbrugna...

EUVD-2021-32482

Malicious code in bioql PyPI...

EUVD-2025-1726

Malicious code in bioql PyPI...

EUVD-2025-9401

Malicious code in bioql PyPI...

PT-2025-37863

Name of the Vulnerable Software and Affected Versions ip aka node-ip versions through 2.0.1 Description The ip aka node-ip package may allow Server-Side Request Forgery SSRF due to the improper categorization of the IP address value 017700000001 as globally routable via the isPublic function. Thi...

CVE-2025-59437

The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection...

GHSA-FQ34-XW6C-FPHF Fides Webserver API Rate Limiting Vulnerability in Proxied Environments

Summary The Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs rather than client IPs, and stores counters in-memory rather than in a...

StudentManage 安全漏洞

StudentManage is a student management system by DayCloud Individual Developer in China. A security vulnerability exists in StudentManage version 1.0, which stems from improper handling of the component /admin/adminStudentUrl, which could lead to an SQL injection attack...

CVE-2025-38283 hisi_acc_vfio_pci: bugfix live migration function without VF device driver

In the Linux kernel, the following vulnerability has been resolved: hisiaccvfiopci: bugfix live migration function without VF device driver If the VF device driver is not loaded in the Guest OS and we attempt to perform device data migration, the address of the migrated data will be NULL. The liv...