Lucene search
K

1436 matches found

Nuclei
Nuclei
added 14 hours ago45 views

MindsDB -DNS Rebinding SSRF Protection Bypass

Detects DNS rebinding vulnerability that allows bypass of SSRF protection. The vulnerability exists in the URL validation mechanism where DNS resolution is performed without considering DNS rebinding attacks. id: CVE-2024-24759 info: name: MindsDB -DNS Rebinding SSRF Protection Bypass author: Lee...

9.3CVSS5.9AI score0.04936EPSS
Exploits1References2
NVD
NVD
added 2 days ago4 views

CVE-2026-49471

Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port, with no authentication, no CSRF protection, and no Host header validation. A D...

8.3CVSS0.00237EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-49471

Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port, with no authentication, no CSRF protection, and no Host header validation. A D...

8.3CVSS6.7AI score0.00237EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2 days ago11 views

CVE-2026-49471

Serena exposes an unauthenticated Flask API on a fixed port prior to v1.5.2, with no authentication, CSRF protection, or Host header validation. A DNS rebinding attack can reach this API from any browser and write arbitrary content to the agent’s persistent memory store, which the agent may read ...

8.3CVSS6.7AI score0.00237EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2 days ago2 views

PT-2026-56242

Name of the Vulnerable Software and Affected Versions Serena versions prior to 1.5.2 Description The built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port. This API lacks authentication, Cross-Site Request Forgery CSRF protection, and Host header validation. A D...

8.3CVSS6.7AI score0.00237EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added last week12 views

9router has an Incomplete Fix: Local-Only Access Gate Bypass in 9router via Host Header SpoofING

Summary The fix for CVE-2026-46339 unauthenticated RCE via unprotected MCP plugin routes introduced a local-only access gate in src/dashboardGuard.js that restricts spawn-capable routes /api/mcp/, /api/tunnel/, /api/cli-tools/ to loopback requests. The gate determines "local" by inspecting the Ho...

6.6AI score0.00147EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/30 8:17 p.m.5 views

CVE-2026-10546

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF vulnerability in the URL component src/lfx/src/lfx/components/datasource/url.py due to a Time-of-Check/Time-of-Use TOCTOU race condition that can be exploited via DNS rebinding...

7.1CVSS0.00146EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:54 p.m.10 views

CVE-2026-10546

CVE-2026-10546 affects IBM Langflow OSS versions 1.0.0–1.9.3. A Server-Side Request Forgery (SSRF) in the URL component (src/lfx/src/lfx/components/data_source/url.py) arises from a TOCTOU race condition that can be exploited via DNS rebinding. The vulnerability stems from validating URLs in vali...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/30 7:54 p.m.6 views

EUVD-2026-40402

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF vulnerability in the URL component src/lfx/src/lfx/components/datasource/url.py due to a Time-of-Check/Time-of-Use TOCTOU race condition that can be exploited via DNS rebinding...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:54 p.m.39 views

CVE-2026-10546 DNS Rebinding TOCTOU Bypass of SSRF Protection in Langflow OSS URL Component

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF vulnerability in the URL component src/lfx/src/lfx/components/datasource/url.py due to a Time-of-Check/Time-of-Use TOCTOU race condition that can be exploited via DNS rebinding...

7.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 5:16 p.m.16 views

CVE-2026-58169

Vibe-Trading before 0.1.10 contains a DNS rebinding authentication bypass vulnerability that allows remote attackers to bypass bearer-token authentication by exploiting the server's trust of TCP peer addresses for loopback clients combined with missing Host header validation while binding to...

7.7CVSS0.00286EPSS
Exploits0References7
CVE
CVE
added 2026/06/30 3:52 p.m.17 views

CVE-2026-58169

CVE-2026-58169 — Vibe-Trading

7.7CVSS6.4AI score0.00286EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/30 3:52 p.m.8 views

EUVD-2026-40350

Vibe-Trading before 0.1.10 contains a DNS rebinding authentication bypass vulnerability that allows remote attackers to bypass bearer-token authentication by exploiting the server's trust of TCP peer addresses for loopback clients combined with missing Host header validation while binding to...

7.7CVSS6.4AI score0.00286EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-53920

Name of the Vulnerable Software and Affected Versions Vibe-Trading versions prior to 0.1.10 Description The local API server trusts the TCP peer address to bypass the API AUTH KEY bearer-token check for loopback clients and lacks Host header validation while binding to 0.0.0.0 with credentialed...

7.7CVSS6.6AI score0.00286EPSS
Exploits0References13
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-520 Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack

Summary Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding decision by the Ray Development team to not implement any sort of authentication on critical endpoints, like the /api/jobs &...

9.4CVSS7AI score0.00338EPSS
Exploits0References11
CVE
CVE
added 2026/06/26 8:44 p.m.33 views

CVE-2026-54353

Budibase prior to version 3.39.9 is vulnerable to a non‑blind SSRF due to a DNS rebinding bypass in the outbound fetch validation flow. Authenticated users with automation permissions can bypass the SSRF blacklist: the hostname is validated against the blacklist, but the socket connection later p...

8.5CVSS5.8AI score0.00202EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/26 7:19 a.m.6 views

CVE-2026-46611

A vulnerability in the Glances XML-RPC server fails to properly validate HTTP Host headers, enabling DNS rebinding attacks. If a user is tricked into visiting a malicious website, a remote attacker can exploit this flaw to exfiltrate sensitive system monitoring data. Mitigation The XML-RPC server...

5.3CVSS5.8AI score0.00156EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 7:16 p.m.8 views

CVE-2026-46611

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

5.3CVSS0.00156EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 6:0 p.m.19 views

CVE-2026-46611 Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

5.3CVSS0.00156EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 6:9 p.m.26 views

CVE-2026-53945 Ghost: Server-side request forgery via DNS rebinding in external request handling

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. Th...

4CVSS0.0014EPSS
Exploits0References1
Rows per page
Query Builder