114 matches found

SUSE CVE
added 2026/06/25 2:19 a.m. | 6 views

SUSE CVE-2026-54514

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddress(host, port), which performs eager DNS name resolution fo...

5.3 CVSS | 5.9 AI score | 0.00219 EPSS
Exploits 0 | References 3
Snyk
added 2026/06/23 9:22 p.m. | 8 views

Server-side Request Forgery (SSRF)

Overview: com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the JDKFromStringDeserializer class,...

6.9 CVSS | 5.8 AI score | 0.00219 EPSS
Exploits 0 | References 2
Snyk
added 2026/06/23 9:22 p.m. | 6 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the JDKFromStringDeserializer class, which constructs InetSocketAddress and resolves the hostname through DNS at deserialization time. An attacker can force the server to issue outbound DNS lookups fo...

6.9 CVSS | 5.8 AI score | 0.00219 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2026/05/21 12:0 a.m. | 18 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : rsync vulnerabilities (USN-8283-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8283-1 advisory. Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote...

8.1 CVSS | 5.9 AI score | 0.0078 EPSS
Exploits 1 | References 9
Github Security Blog
added 2026/04/13 4:36 p.m. | 8 views

External Secrets Operator has DNS-based secret exfiltration via getHostByName in External Secrets v2 template engine

Summary: The v2 template engine in runtime/template/v2/template.go imports Sprig’s TxtFuncMap and removes env and expandenv, but leaves getHostByName available to user-controlled templates. Because ESO executes templates inside the controller process, an attacker who can create or update templated...

7.1 CVSS | 5.8 AI score | 0.00262 EPSS
Exploits 0 | References 5 | Affected Software 1
RedhatCVE
added 2026/03/26 3:1 p.m. | 3 views

CVE-2026-33407

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTP_PROXY and HTTPS_PROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied search...

9.1 CVSS | 5.8 AI score | 0.00369 EPSS
Exploits 1 | References 1
OSV
added 2026/03/24 5:40 p.m. | 5 views

CVE-2026-33407 Wallos: SSRF via HTTP Proxy Environment Variable

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTP_PROXY and HTTPS_PROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied search...

8.3 CVSS | 5.9 AI score | 0.00369 EPSS
Exploits 1 | References 4
Cvelist
added 2026/02/04 9:18 p.m. | 27 views

CVE-2026-25518 cert-manager-controller DoS via Specially Crafted DNS Response

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS...

5.9 CVSS | 0.00349 EPSS
Exploits 0 | References 7
Tenable Nessus
added 2026/01/22 12:0 a.m. | 6 views

Azure Linux 3.0 Security Update: python-tensorboard (CVE-2021-33195)

The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-33195 advisory. - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate...

7.5 CVSS | 5.7 AI score | 0.03231 EPSS
Exploits 1 | References 2
RedhatCVE
added 2026/01/09 9:31 a.m. | 15 views

CVE-2023-43052

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domai...

5.3 CVSS | 7 AI score | 0.00338 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2025/10/14 12:0 a.m. | 4 views

FreeBSD : zeek -- information leak vulnerability (50fd6a75-0587-4987-bef2-bb933cd78ea1)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 50fd6a75-0587-4987-bef2-bb933cd78ea1 advisory. Tim Wojtulewicz of Corelight reports: The KRB analyzer can leak information about hosts in analyzed...

5.6 AI score
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-13738

Malware in sbrugna...

5.3 CVSS | 5.5 AI score | 0.01524 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2016-10493

Malware in sbrugna...

8.6 CVSS | 8.8 AI score | 0.0161 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2017-15427

Malware in sbrugna...

8.8 CVSS | 8.8 AI score | 0.03474 EPSS
Exploits 4 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-14089

Malware in sbrugna...

10 CVSS | 8.9 AI score | 0.01535 EPSS
Exploits 1 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-47473

Malicious code in bioql PyPI...

5.3 CVSS | 5.7 AI score | 0.00338 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-27579

Malicious code in bioql PyPI...

7.5 CVSS | 4.3 AI score | 0.00973 EPSS
Exploits 0 | References 2
RedhatCVE
added 2025/05/22 10:26 p.m. | 5 views

CVE-2022-22364

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrar...

5.3 CVSS | 6.7 AI score | 0.00539 EPSS
Exploits 0 | References 1
Cvelist
added 2025/03/07 4:55 p.m. | 18 views

CVE-2023-43052 IBM Control Center external service interaction

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domai...

5.3 CVSS | 0.00338 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/03/07 4:55 p.m. | 16 views

CVE-2023-43052 IBM Control Center external service interaction

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domai...

5.3 CVSS | 7 AI score | 0.00338 EPSS
Exploits 0 | References 1