Server-Side Request Forgery

esm.sh is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation in the /https fetch route, where localhost and internal network protections rely on hostname string checks that can be bypassed using DNS alias domains, allowing attackers to induce...

SUSE CVE-2026-27730

esm.sh is a no-build content delivery network CDN for web development. Versions up to and including 137 have an SSRF vulnerability CWE-918 in esm.sh's /https fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypass...

CVE-2026-27730

esm.sh is a no-build content delivery network CDN for web development. Versions up to and including 137 have an SSRF vulnerability CWE-918 in esm.sh’s /https fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypass...

esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route

Summary An SSRF vulnerability CWE-918 exists in esm.sh’s /https fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypassed using DNS alias domains for example, 127.0.0.1.nip.io resolving to 127.0.0.1. This allows a...

CVE-2026-27730

esm.sh is a no-build content delivery network CDN for web development. Versions up to and including 137 have an SSRF vulnerability CWE-918 in esm.sh’s /https fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypass...

CVE-2026-27730 esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route

esm.sh is a no-build content delivery network CDN for web development. Versions up to and including 137 have an SSRF vulnerability CWE-918 in esm.sh’s /https fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypass...

CVE-2026-27730

esm.sh (a no-build CDN for web development) versions up to and including 137 contain an SSRF (CWE-918) in the /http(s) fetch route. The service validates against localhost/internal targets using hostname string checks, which can be bypassed with DNS alias domains, allowing an external requester t...

MS Windows IIS 5.0 (500-100.asp) Server Name Spoof Exploit

No description provided by source. / ==================================================================================== || || || || || || || || || || ==================================================================================== Name: IIS 5.x and IIS 6.0 Server Name Spoof PoC File:...

Microsoft IIS 5.0 - 500-100.asp Server Name Spoof

Microsoft IIS 5.0 - 500-100.asp Server Name Spoof / ==================================================================================== || || || || || || || || || || ==================================================================================== Name: IIS 5.x and IIS 6.0 Server Name Spoof P...