61 matches found
CVE-2026-45179 Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses
Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...
CVE-2025-67427
A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, which permits...
EUVD-2026-0797
A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, which permits...
XML External Entity (XXE) Injection
Jenkins TestComplete support Plugin is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to the XML parser not being securely configured to disable external entity processing, allowing attackers to supply crafted XML that can access local files or trigger external network...
EUVD-2002-0231
Malware in sbrugna...
EUVD-2011-1174
Malware in sbrugna...
EUVD-1999-0526
Malware in sbrugna...
EUVD-2021-14372
Malware in sbrugna...
EUVD-2022-3560
Malicious code in bioql PyPI...
CVE-2025-34202
CVE-2025-34202 affects Vasion Print (Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518). The issue stems from exposing Docker internal networks, enabling an attacker on the same external L2 segment or one who can route via the appliance to reach container IPs directly. T...
Security Bulletin: IBM App Connect Enterprise Certified Container operands have unnecessary external access [CVE-2022-43916]
Summary Some of the IBM App Connect Enterprise Certified Container Pods in a deployed environment have unnecessary external network access. This bulletin provides patch information to address the network access. CVE-2022-43916 Vulnerability Details CVEID:CVE-2022-43916 DESCRIPTION: IBM App Connec...
Security Bulletin: IBM Fusion and IBM Fusion HCI are vulnerable to lack of egress restriction
Summary IBM Fusion and IBM Fusion HCI are vulnerable to allowing data to be sent to the external network due to the lack of egress restriction. CVE-2024-22315. Vulnerability Details CVEID:CVE-2024-22315 DESCRIPTION: IBM Storage Fusion is vulnerable to insecure network connection by allowing an...
GHSA-5Q9X-554G-9JGG SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF)
SurrealDB offers http functions that can access external network endpoints. A typical, albeit not recommended configuration would be to start SurrealDB with all network connections allowed with the exception of a deny list. For example, surreal start --allow-net --deny-net 10.0.0.0/8 will allow a...
Explaining External Network Assessment with Vector Command
Learn how external network assessment works within Vector Command, Rapid7’s continuous red team managed service. Understanding threat exposure management Let’s start by providing some context around where Vector Command fits into a security program and more specifically Continuous Threat Exposure...
CVE-2024-22315
IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 are vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection...
Microsoft Purview Code Issue Vulnerability
Microsoft Purview is a service provided by Microsoft for data governance and compliance. A security vulnerability exists in Microsoft Purview, which can be exploited by an attacker to trigger a server to send a request to an internal or external network via a well-constructed request, which could...
PT-2024-10439 · Ibm · Ibm Fusion Hci +1
Name of the Vulnerable Software and Affected Versions: IBM Fusion and IBM Fusion HCI versions 2.3.0 through 2.8.2 Description: The issue is related to insufficient restriction of the communication channel for given endpoints, which may allow an attacker to gain unauthorized access to protected...
CVE-2024-20490 Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...
IBM Storage Scale Authorization Issues Vulnerability
IBM Storage Scale is a storage solution from International Business Machines (IBM) designed to help organizations efficiently manage and scale storage resources to meet growing data storage needs. An authorization issue vulnerability exists in IBM Storage Scale Container Native, which stems from a...