24 matches found

Snyk
added 2026/05/11 6:14 p.m., 6 views

Server-side Request Forgery (SSRF)

Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in validatewebhookurl, in...

7.1 CVSS, 6 AI score, 0.00034 EPSS
Exploits: 1, References: 2

EUVD
added 2026/03/27 3:30 p.m., 5 views

EUVD-2026-16642

Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server...

7.5 CVSS, 6 AI score, 0.00232 EPSS
Exploits: 1, References: 2

OSV
added 2026/03/26 8:33 p.m., 2 views

GO-2026-4724 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS in github.com/cloudnativelabs/kube-router

Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS in github.com/cloudnativelabs/kube-router...

7.1 CVSS, 5.8 AI score, 0.00063 EPSS
Exploits: 1, References: 4

Snyk
added 2026/03/18 4:41 a.m., 2 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1 CVSS, 6 AI score, 0.00063 EPSS
Exploits: 1, References: 2

Snyk
added 2026/03/18 4:41 a.m., 2 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1 CVSS, 6 AI score, 0.00063 EPSS
Exploits: 1, References: 2

Snyk
added 2026/03/18 4:41 a.m., 0 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1 CVSS, 6 AI score, 0.00063 EPSS
Exploits: 1, References: 2

Snyk
added 2026/03/18 4:41 a.m., 2 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1 CVSS, 6 AI score, 0.00063 EPSS
Exploits: 1, References: 2

Snyk
added 2026/03/18 4:41 a.m., 2 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1 CVSS, 6 AI score, 0.00063 EPSS
Exploits: 1, References: 2

Snyk
added 2026/03/18 4:41 a.m., 2 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1 CVSS, 6 AI score, 0.00063 EPSS
Exploits: 1, References: 2

OSV
added 2026/03/18 3:14 a.m., 8 views

CVE-2026-32254 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

7.1 CVSS, 6.3 AI score, 0.00063 EPSS
Exploits: 1, References: 5

CVE
added 2026/03/18 3:14 a.m., 12 views

CVE-2026-32254

CVE-2026-32254 (Kube-router) affects the kube-router proxy module in Kubernetes networking before version 2.8.0, where ExternalIPs and LoadBalancer IPs are not validated before being programmed into node network configurations. This can enable cluster-wide traffic hijacking and DNS DoS if malicio...

7.1 CVSS, 5.8 AI score, 0.00063 EPSS
Exploits: 1, References: 3, Affected Software: 1

ATTACKERKB
added 2026/03/18 3:14 a.m., 4 views

CVE-2026-32254

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

7.1 CVSS, 5.8 AI score, 0.00063 EPSS
Exploits: 1, References: 4, Affected Software: 1

CNNVD
added 2026/03/18 12:0 a.m., 4 views

kube-router security vulnerability

Kube-router is a Kubernetes networking solution open sourced by CloudNative Labs. Versions of Kube-router prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the proxy module not verifying the externalIPs or loadBalancer IPs, which could lead to improper network...

7.1 CVSS, 6.4 AI score, 0.00063 EPSS
Exploits: 1, References: 3

EUVD
added 2025/11/14 9:30 p.m., 0 views

EUVD-2025-197647

A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the emai...

7.5 CVSS, 6 AI score, 0.00031 EPSS
Exploits: 0, References: 6

OSV
added 2025/11/06 7:15 p.m., 1 views

CVE-2025-63551

A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) through 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 2

Positive Technologies
added 2025/10/07 12:0 a.m., 2 views

PT-2025-47000

Name of the Vulnerable Software and Affected Versions: Email Parsing Library (affected versions not specified). Description: A flaw exists in the email parsing library related to how recipient email addresses are processed. Specifically, the library improperly handles specially formatted addresses,...

7.5 CVSS, 6.1 AI score, 0.00031 EPSS
Exploits: 0, References: 11

CNNVD
added 2025/02/27 12:0 a.m., 2 views

Nagios XI security vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI version 2024R1.2.2, which stems from an open redirect on the...

6.1 CVSS, 6.8 AI score, 0.005 EPSS
Exploits: 0, References: 3

Prion
added 2023/04/18 9:15 p.m., 23 views

Design/Logic Flaw

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 V4.7.0 and prior...

4.3 CVSS, 6.5 AI score, 0.00213 EPSS
Exploits: 0, References: 1, Affected Software: 5

NVD
added 2023/01/30 11:15 p.m., 11 views

CVE-2022-32517

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames ...

6.5 CVSS, 6.4 AI score, 0.00213 EPSS
Exploits: 0, References: 1

Prion
added 2023/01/30 11:15 p.m., 18 views

Design/Logic Flaw

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames ...

4.3 CVSS, 6.4 AI score, 0.00213 EPSS
Exploits: 0, References: 1