CVE-2026-36603

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary...

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

CVE-2026-32254

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

CVE-2026-32254 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

Exploit for Improper Input Validation in Atlassian Confluence_Data_Center

LetsDefend-SOC235-Atlassian-Confluence-Broken-Access-Control-0...

SUSE CVE-2023-53343

In the Linux kernel, the following vulnerability has been resolved: icmp6: Fix null-ptr-deref of ip6nullentry-rt6iidev in icmp6dev. With some IPv6 Ext Hdr RPL, SRv6, etc., we can send a packet that has the link-local address as src and dst IP and will be forwarded to an external IP in the IPv6 Ex...

Malicious code in browser-history-analysis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 032a326beadf36ce66d29555a7dacc90d6dfc733435dc61852cbc1e5128ee73d When starting the server with expected functionality with potentially sensitive content, the package silently sends the location external IP to a remote...

MAL-2025-191695 Malicious code in browser-history-analytics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e1ac674eaa856956dea531487502bd21a51f5324bdfcaf788645bbbb41eb27f5 When starting the server with expected functionality with potentially sensitive content, the package silently sends the location external IP to a remote...

Surf - Escalate Your SSRF Vulnerabilities On Modern Cloud Environments

surf allows you to filter a list of hosts, returning a list of viable SSRF candidates. It does this by sending a HTTP request from your machine to each host, collecting all the hosts that did not respond, and then filtering them into a list of externally facing and internally facing hosts. You ca...

SUSE CVE-2018-14635

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...

SUSE CVE-2021-21273

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...

Metasploit Weekly Wrap-Up

Capture Plugin Capturing credentials is a critical and early phase in the playbook of many offensive security testers. Metasploit has facilitated this for years with protocol-specific modules all under the auxiliary/server/capture. Users can start and configure each of these modules individually,...

Matrix Synapse Input Validation Error Vulnerability

Matrix Synapse is an implementation of a matrix management server from the Matrix Foundation in the UK. A security vulnerability exists in Synapse that stems from a request to a user-provided domain being unrestricted by an external IP address when calculating key validity for third-party...

Kubernetes Security Vulnerabilities

Kubernetes is an open source Docker container cluster management system from the Linux Foundation. The system provides resource scheduling, deployment and operation, service discovery, and scaling up and down for containerized applications. Kubernetes suffers from a security vulnerability that ca...

VPS-Docker-For-Pentest - Create A VPS On Google Cloud Platform Or Digital Ocean Easily With The Docker For Pentest

Create a VPS on Google Cloud Platform or Digital Ocean easily with the docker for pentest included to launch the assessment to the target. Requirements Terraform installed Ansible installed SSH private and public keys Google Cloud Platform or Digital Ocean account. Usage 1.- Clone the repository...

China Unicom's router gateway device suffers from information leakage vulnerability

China United Network Communications Group Corporation "China Unicom" is a telecommunications operator in China. An information leakage vulnerability exists in a router gateway device of China Unicom. The gateway's management page allows external network access, which can be used to obtain...

Update Rollup 7 for System Center 2012 R2 Virtual Machine Manager

Update Rollup 7 for System Center 2012 R2 Virtual Machine Manager Introduction This article describes the issues that are fixed in Update Rollup 7 for Microsoft System Center 2012 R2 Virtual Machine Manager VMM. There are three updates available for System Center 2012 R2 VMM. One update for...

Update Rollup 8 for System Center 2012 R2 Virtual Machine Manager

Update Rollup 8 for System Center 2012 R2 Virtual Machine Manager Introduction This article describes the issues that are fixed in Update Rollup 8 UR8 for Microsoft System Center 2012 R2 Virtual Machine Manager. There are two updates available for System Center 2012 R2 Virtual Machine Manager: on...