32 matches found
CVE-2026-45619
WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL for DNS pinning via CURLOPTRESOLVE, opening DNS-rebinding TOCTOU...
CVE-2026-45619
WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL for DNS pinning via CURLOPTRESOLVE, opening DNS-rebinding TOCTOU...
CVE-2026-45619
Summary: WWBN AVideo prior to 29.0 allowed SSRF via isSSRFSafeURL() because subsequent fetches used file_get_contents() with redirects enabled. Two endpoints (plugin/AI/receiveAsync.json.php and objects/EpgParser.php) validate the URL but do not prevent redirects, enabling a redirect-based DNS re...
CVE-2026-45619 AVideo CVE-2026-43884 incomplete fix - `isSSRFSafeURL()` call sites still discard the `$resolvedIP` out-param at master HEAD post
WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL for DNS pinning via CURLOPTRESOLVE, opening DNS-rebinding TOCTOU...
CVE-2026-45619
WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL for DNS pinning via CURLOPTRESOLVE, opening DNS-rebinding TOCTOU...
GHSA-C3CH-22RQ-XFWR AVideo CVE-2026-43884 incomplete fix - six (or more) `isSSRFSafeURL()` call sites still discard the `$resolvedIP` out-param at master HEAD post-`603e7bf`
CVE-2026-43884 fix 603e7bf patched EpgParser.php and plugin/AI/receiveAsync.json.php to use urlgetcontents redirect-safe. Neither uses the $resolvedIP out-param of isSSRFSafeURL for DNS pinning via CURLOPTRESOLVE. Six+ other call sites still discard $resolvedIP, opening DNS-rebinding TOCTOU...
PT-2026-43463
Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 29.0 and earlier Description Certain components, including EpgParser.php and plugin/AI/receiveAsync.json.php, fail to utilize the $resolvedIP out-parameter of the isSSRFSafeURL function for DNS pinning via CURLOPT RESOLVE...
CVE-2026-22181
OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTPPROXY, HTTPSPROXY, or ALLPROXY environment variables are present, attacker-influenced...
CVE-2026-22181 OpenClaw < 2026.3.2 - DNS Pinning Bypass via Environment Proxy Configuration in web_fetch
OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTPPROXY, HTTPSPROXY, or ALLPROXY environment variables are present, attacker-influenced...
CVE-2026-22181 OpenClaw < 2026.3.2 - DNS Pinning Bypass via Environment Proxy Configuration in web_fetch
OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTPPROXY, HTTPSPROXY, or ALLPROXY environment variables are present, attacker-influenced...
CVE-2026-22181
OpenClaw web_fetch paths in versions
CVE-2026-22181
OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTPPROXY, HTTPSPROXY, or ALLPROXY environment variables are present, attacker-influenced...
OpenClaw's web tools strict URL guard could lose DNS pinning when env proxy is configured
Summary openclaw web tools strict URL fetch paths could lose DNS pinning when environment proxy variables are configured HTTPPROXY/HTTPSPROXY/ALLPROXY, including lowercase variants. In affected builds, strict URL checks for example webfetch and citation redirect resolution validated one destinati...
EUVD-2019-16222
Malware in sbrugna...
CVE-2019-6663
The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning DNS Rebinding attack...
CVE-2020-10212
upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the...
Design/Logic Flaw
upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the...
CVE-2019-6663
The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning DNS Rebinding attack...
CVE-2019-6663
The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning DNS Rebinding attack...
CVE-2019-6663
The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning DNS Rebinding attack...