Lucene search
K

23 matches found

Cvelist
Cvelist
added 2026/06/30 3:54 p.m.35 views

CVE-2026-58172 Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...

9.3CVSS0.00412EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.9 views

CVE-2026-40435

When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.5AI score0.00228EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.7 views

F5 Networks BIG-IP : BIG-IP httpd access control vulnerability (K000156604)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000156604 advisory. When configured, IP-based access restrictions forhttpddo not cover all endpoints, which may allow...

6.9CVSS5.8AI score0.00228EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 6:30 p.m.8 views

EUVD-2026-29973

When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.8AI score0.00228EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 4:16 p.m.13 views

CVE-2026-40435

When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.35 views

CVE-2026-40435 BIG-IP httpd access control vulnerability

When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS0.00228EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 2:12 p.m.19 views

CVE-2026-40435

CVE-2026-40435 affects F5 BIG-IP httpd access control. When IP-based restrictions are configured, they do not cover all endpoints, potentially allowing connections from blocked addresses to the control plane HTTP services. Impact is a control-plane issue; exploitation requires valid credentials t...

6.9CVSS5.8AI score0.00228EPSS
Exploits0References1Affected Software21
Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.8 views

CVE-2026-40435 BIG-IP httpd access control vulnerability

When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.8AI score0.00228EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/05/13 12:30 p.m.15 views

K000156604: BIG-IP httpd access control vulnerability CVE-2026-40435

Security Advisory Description When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. CVE-2026-40435 Impact This vulnerability allows an attacker to connect to the BIG-IP control plane HTTP services; however, the...

6.9CVSS5.7AI score0.00228EPSS
Exploits0Affected Software11
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.20 views

PT-2026-40647

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 Description IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Recommendations Update to version...

6.9CVSS5.8AI score0.00228EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP, where the IP access restrictions of htt...

6.9CVSS5.8AI score0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/19 10:6 p.m.4 views

CVE-2026-32019 OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard

OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...

7.4CVSS5.8AI score0.00206EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:6 p.m.3 views

CVE-2026-32019

OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...

6CVSS5.8AI score0.00206EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/19 10:6 p.m.21 views

CVE-2026-32019 OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard

OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...

7.4CVSS0.00206EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.8 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.22 had code vulnerabilities. These vulnerabilities stemmed from the incomplete validation of the IPv4 special-purpose range by the isPrivateIpv4 function, which could allow...

7.4CVSS5.9AI score0.00206EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/25 4:6 a.m.14 views

CVE-2026-27127

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...

7CVSS5.5AI score0.00446EPSS
Exploits2References1
NVD
NVD
added 2026/02/24 3:16 a.m.6 views

CVE-2026-27127

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...

7CVSS0.00446EPSS
Exploits1References3
OSV
OSV
added 2026/02/24 2:39 a.m.7 views

CVE-2026-27127 Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...

7CVSS5.6AI score0.00446EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/09/04 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-45471

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. CVE-2021-45471 Note that Nessus relies on the presence of the package as...

5.3CVSS6.1AI score0.01242EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/08 12:0 a.m.4 views

feiqu 安全漏洞

feiqu Feiqu Community is a web application by the individual developer Chen Weidong chen87548081. A security vulnerability exists in feiqu feiqu-opensource, which stems from a vertical authorization vulnerability that can be exploited by an attacker to arbitrarily change the blacklisted IP...

8.8CVSS7.9AI score0.00604EPSS
Exploits1References2
Rows per page
Query Builder