12 matches found

Cvelist
added 2026/05/11 5:49 p.m. · 30 views

CVE-2026-43995 Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients (node-fetch, axios) instead of using the secured wrapper. These tools include 1 OpenAPIToolkit/OpenAPIToolkit.ts, 2...

CVSS 5.3 · EPSS 0.00066
Exploits 1 · References 1

CNNVD
added 2026/03/20 12:0 a.m. · 3 views

Halloy path traversal vulnerability

Halloy is a cross-platform IRC client developed by Squidowl. Halloy has a path traversal vulnerability, which stems from the lack of cleaning of file names during the DCC reception process. This vulnerability may lead to path traversal and arbitrary file writing...

CVSS 8.7 · AI score 5.9 · EPSS 0.00024
Exploits 1 · References 2

Positive Technologies
added 2026/03/20 12:0 a.m. · 3 views

PT-2026-26687

Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorized_keys and the fi...

CVSS 8.7 · AI score 5.9 · EPSS 0.00024
Exploits 1 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2002-2250

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.00699
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 6:16 a.m. · 3 views

SUSE CVE-2006-0458

The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service (application crash) via certain crafted arguments in a DCC command...

CVSS 5 · AI score 7.1 · EPSS 0.00928
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 5:30 a.m. · 2 views

SUSE CVE-2014-1690

The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature...

CVSS 2.6 · AI score 6.4 · EPSS 0.008
Exploits 1 · References 5

OSV
added 2017/10/22 8:29 p.m. · 1 views

DEBIAN-CVE-2017-15721

In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468...

CVSS 7.5 · AI score 6.8 · EPSS 0.00604
Exploits 0 · References 1

OSV
added 2017/10/22 8:29 p.m. · 2 views

ALPINE-CVE-2017-15721

In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468...

CVSS 7.5 · AI score 6.8 · EPSS 0.00604
Exploits 0 · References 1

RedHat Linux
added 2014/04/28 4:43 p.m. · 1 views

Kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper

The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature...

CVSS 2.6 · AI score 6.8 · EPSS 0.008
Exploits 1 · References 4

OSV
added 2014/04/08 2:22 p.m. · 1 views

DEBIAN-CVE-2012-0033

The CBounceDCCMod::OnPrivCTCP function in bouncedcc.cpp in the bouncedcc module in ZNC 0.200 and 0.202 allows remote attackers to cause a denial of service (crash) via a crafted DCC RESUME request...

CVSS 5 · AI score 6.8 · EPSS 0.00887
Exploits 0 · References 1

CVE
added 2007/02/21 11:0 p.m. · 61 views

CVE-2007-1057

The CVE-2007-1057 issue affects the Net Direct client for Linux before 6.0.5 in Nortel products (Application Switch 2424, VPN 3050/3070, SSL VPN Module 1000). The vulnerability arises from extracting and executing files with insecure permissions, enabling a local attacker to exploit a race condit...

CVSS 6.9 · AI score 7.2 · EPSS 0.00226
Exploits 0 · References 10 · Affected Software 1

Positive Technologies
added 2003/12/17 12:0 a.m. · 2 views

PT-2003-2001 · Xchat · Xchat

Name of the Vulnerable Software and Affected Versions: xchat version 2.0.6 Description: The issue allows remote attackers to cause a denial of service, resulting in a crash, via a passive DCC request with an invalid ID number. This action causes a null dereference. Recommendations: For xchat...

CVSS 7.5 · AI score 6.7 · EPSS 0.01114
Exploits 0 · References 4