Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/17 9:3 p.m.25 views

CVE-2026-50194 Steeltoe vulnerable to management-port isolation bypass via spoofed Host header

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port Management:Endpoints:Port is configured, the...

8.2CVSS0.00238EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50554

Name of the Vulnerable Software and Affected Versions Steeltoe versions 3.2.2 through 3.3.0 Steeltoe version 4.1.0 Description Steeltoe is an open source project providing libraries for building cloud-native applications. An issue exists where management endpoints, when configured to listen on an...

8.2CVSS6AI score0.00238EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/04/21 10:44 p.m.38 views

CVE-2026-41060 AVideo's SSRF via same-domain hostname with alternate port bypasses isSSRFSafeURL

WWBN AVideo is an open source video platform. In versions 29.0 and below, the isSSRFSafeURL function in objects/functions.php contains a same-domain shortcircuit lines 4290-4296 that allows any URL whose hostname matches webSiteRootURL to bypass all SSRF protections. Because the check compares on...

7.7CVSS0.003EPSS
Exploits1References2
Mozilla
Mozilla
added 2007/03/20 12:0 a.m.10 views

FTP PASV port-scanning — Mozilla

The FTP protocol includes the PASV passive command which is used by Firefox to request an alternate data port. The specification of the FTP protocol allows the server response to include an alternate server address as well, although this is rarely used in practice...

6.9AI score
Exploits0References3Affected Software1
Rows per page
Query Builder