23 matches found
CVE-2026-58172 Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests
Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...
CVE-2026-40435
When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
F5 Networks BIG-IP : BIG-IP httpd access control vulnerability (K000156604)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000156604 advisory. When configured, IP-based access restrictions forhttpddo not cover all endpoints, which may allow...
EUVD-2026-29973
When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-40435
When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-40435 BIG-IP httpd access control vulnerability
When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-40435
CVE-2026-40435 affects F5 BIG-IP httpd access control. When IP-based restrictions are configured, they do not cover all endpoints, potentially allowing connections from blocked addresses to the control plane HTTP services. Impact is a control-plane issue; exploitation requires valid credentials t...
CVE-2026-40435 BIG-IP httpd access control vulnerability
When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
K000156604: BIG-IP httpd access control vulnerability CVE-2026-40435
Security Advisory Description When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. CVE-2026-40435 Impact This vulnerability allows an attacker to connect to the BIG-IP control plane HTTP services; however, the...
PT-2026-40647
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 Description IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Recommendations Update to version...
F5 BIG-IP 安全漏洞
F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP, where the IP access restrictions of htt...
CVE-2026-32019 OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard
OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...
CVE-2026-32019
OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...
CVE-2026-32019 OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard
OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...
OpenClaw 代码问题漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.22 had code vulnerabilities. These vulnerabilities stemmed from the incomplete validation of the IPv4 special-purpose range by the isPrivateIpv4 function, which could allow...
CVE-2026-27127
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...
CVE-2026-27127
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...
CVE-2026-27127 Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...
Linux Distros Unpatched Vulnerability : CVE-2021-45471
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. CVE-2021-45471 Note that Nessus relies on the presence of the package as...
feiqu 安全漏洞
feiqu Feiqu Community is a web application by the individual developer Chen Weidong chen87548081. A security vulnerability exists in feiqu feiqu-opensource, which stems from a vertical authorization vulnerability that can be exploited by an attacker to arbitrarily change the blacklisted IP...