3 matches found
CVE-2026-48782
CVE-2026-48782 affects Pydantic AI (versions 1.56.0–1.101.0, 2.0.0b1, 2.0.0b2) where the cloud-metadata blocklist can be bypassed by IPv6 transition forms that previous fixes did not decode. The IPv6 forms bypassing the blocklist can expose cloud IAM short-term credentials when an app uses force_...
Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)
Summary The Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints e.g. 169.254.169.254 despite...
SUSE-SU-2023:2959-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.0.2 ESR MFSA 2023-26, bsc1213230 Security fixes: - CVE-2023-3600: Fixed use-after-free in workers bmo1839703 Other fixes: - Fixed a startup crash experienced by some Windows users by blocking instances...