Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2026/05/06 7:49 p.m.9 views

CVE-2026-43582 OpenClaw < 2026.4.10 - DNS Rebinding SSRF via Hostname Validation Bypass

OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attackers can exploit inconsistent hostname resolution between validation and actual network requests to...

6.3CVSS5.8AI score0.00199EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/25 10:57 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /https route handler. An attacker can access internal network resources and retrieve sensitive information by supplying a crafted domain that resolves to a loopback or private IP address, thereby...

8.7CVSS5.9AI score0.00339EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/11 1:33 a.m.10 views

CVE-2026-25492

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

6.5CVSS5.5AI score0.00419EPSS
Exploits1References1
NVD
NVD
added 2026/02/09 8:15 p.m.9 views

CVE-2026-25492

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

6.5CVSS0.00419EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/09 7:33 p.m.32 views

CVE-2026-25492 Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

5.3CVSS0.00419EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/09 7:33 p.m.4 views

CVE-2026-25492 Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

5.3CVSS5.5AI score0.00419EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.9 views

PT-2026-7142

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the save images Asset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

5.3CVSS5.5AI score0.00419EPSS
Exploits1References4
NVD
NVD
added 2025/09/15 2:15 p.m.4 views

CVE-2025-46408

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...

9.8CVSS0.00611EPSS
Exploits3References1
CNNVD
CNNVD
added 2024/09/03 12:0 a.m.3 views

Progress Software OpenEdge 安全漏洞

Progress Software OpenEdge is a suite of integrated development environments IDEs from Progress Software, USA. A security vulnerability exists in Progress Software OpenEdge that originates from a hostname validation that allows bypassing TLS certificates...

7.2CVSS6.7AI score0.00162EPSS
Exploits0References2
Rows per page
Query Builder