1436 matches found
MindsDB -DNS Rebinding SSRF Protection Bypass
Detects DNS rebinding vulnerability that allows bypass of SSRF protection. The vulnerability exists in the URL validation mechanism where DNS resolution is performed without considering DNS rebinding attacks. id: CVE-2024-24759 info: name: MindsDB -DNS Rebinding SSRF Protection Bypass author: Lee...
CVE-2026-49471
Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port, with no authentication, no CSRF protection, and no Host header validation. A D...
CVE-2026-49471
Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port, with no authentication, no CSRF protection, and no Host header validation. A D...
CVE-2026-49471
Serena exposes an unauthenticated Flask API on a fixed port prior to v1.5.2, with no authentication, CSRF protection, or Host header validation. A DNS rebinding attack can reach this API from any browser and write arbitrary content to the agent’s persistent memory store, which the agent may read ...
PT-2026-56242
Name of the Vulnerable Software and Affected Versions Serena versions prior to 1.5.2 Description The built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port. This API lacks authentication, Cross-Site Request Forgery CSRF protection, and Host header validation. A D...
9router has an Incomplete Fix: Local-Only Access Gate Bypass in 9router via Host Header SpoofING
Summary The fix for CVE-2026-46339 unauthenticated RCE via unprotected MCP plugin routes introduced a local-only access gate in src/dashboardGuard.js that restricts spawn-capable routes /api/mcp/, /api/tunnel/, /api/cli-tools/ to loopback requests. The gate determines "local" by inspecting the Ho...
CVE-2026-10546
IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF vulnerability in the URL component src/lfx/src/lfx/components/datasource/url.py due to a Time-of-Check/Time-of-Use TOCTOU race condition that can be exploited via DNS rebinding...
CVE-2026-10546
CVE-2026-10546 affects IBM Langflow OSS versions 1.0.0–1.9.3. A Server-Side Request Forgery (SSRF) in the URL component (src/lfx/src/lfx/components/data_source/url.py) arises from a TOCTOU race condition that can be exploited via DNS rebinding. The vulnerability stems from validating URLs in vali...
EUVD-2026-40402
IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF vulnerability in the URL component src/lfx/src/lfx/components/datasource/url.py due to a Time-of-Check/Time-of-Use TOCTOU race condition that can be exploited via DNS rebinding...
CVE-2026-10546 DNS Rebinding TOCTOU Bypass of SSRF Protection in Langflow OSS URL Component
IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF vulnerability in the URL component src/lfx/src/lfx/components/datasource/url.py due to a Time-of-Check/Time-of-Use TOCTOU race condition that can be exploited via DNS rebinding...
CVE-2026-58169
Vibe-Trading before 0.1.10 contains a DNS rebinding authentication bypass vulnerability that allows remote attackers to bypass bearer-token authentication by exploiting the server's trust of TCP peer addresses for loopback clients combined with missing Host header validation while binding to...
CVE-2026-58169
CVE-2026-58169 — Vibe-Trading
EUVD-2026-40350
Vibe-Trading before 0.1.10 contains a DNS rebinding authentication bypass vulnerability that allows remote attackers to bypass bearer-token authentication by exploiting the server's trust of TCP peer addresses for loopback clients combined with missing Host header validation while binding to...
PT-2026-53920
Name of the Vulnerable Software and Affected Versions Vibe-Trading versions prior to 0.1.10 Description The local API server trusts the TCP peer address to bypass the API AUTH KEY bearer-token check for loopback clients and lacks Host header validation while binding to 0.0.0.0 with credentialed...
PYSEC-2026-520 Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Summary Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding decision by the Ray Development team to not implement any sort of authentication on critical endpoints, like the /api/jobs &...
CVE-2026-54353
Budibase prior to version 3.39.9 is vulnerable to a non‑blind SSRF due to a DNS rebinding bypass in the outbound fetch validation flow. Authenticated users with automation permissions can bypass the SSRF blacklist: the hostname is validated against the blacklist, but the socket connection later p...
CVE-2026-46611
A vulnerability in the Glances XML-RPC server fails to properly validate HTTP Host headers, enabling DNS rebinding attacks. If a user is tricked into visiting a malicious website, a remote attacker can exploit this flaw to exfiltrate sensitive system monitoring data. Mitigation The XML-RPC server...
CVE-2026-46611
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...
CVE-2026-46611 Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...
CVE-2026-53945 Ghost: Server-side request forgery via DNS rebinding in external request handling
Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. Th...