Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

0day.today
0day.todayadded 2022/05/16 12:0 a.m.230 views

IpMatcher 1.0.4.1 Server-Side Request Forgery Vulnerability

IpMatcher versions 1.0.4.1 and below for .NET Core 2.0 and .NET Framework 4.5.2 incorrectly validates octal and hexadecimal input data which can lead to indeterminate server-side request forgery, local file inclusion, remote file inclusion, and denial of service vectors. Exploit Title: SSRF in .N...

9.8CVSS0.4AI score0.00743EPSS
Exploits3
Packet Storm
Packet Stormadded 2022/05/16 12:0 a.m.217 views

IpMatcher 1.0.4.1 Server-Side Request Forgery

Exploit Title: SSRF in .NET C IpMatcher v1.0.4.1 and below NuGet package: CVE-2021-33318 IpMatcher v1.0.4.1 and below for .NET Core 2.0 and .NET Framework 4.5.2. incorrectly validates octal & hexadecimal input data, leading to indeterminate SSRF, LFI, RFI, and DoS vectors. Date: 22/09/2022 Exploi...

0.8AI score0.00743EPSS
Exploits3
RedHat Linux
RedHat Linuxadded 2021/11/16 3:43 p.m.2 views

django: Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses

A flaw was found in django. Leading zeros in octal literals aren't prohibited in IP addresses. If you used such values you could suffer from indeterminate SSRF, RFI, and LFI attacks. The highest threat from this vulnerability is to data integrity...

7.5CVSS7.1AI score0.00015EPSS
Exploits0References5
OpenVAS
OpenVASadded 2021/06/09 12:0 a.m.30 views

Django < 2.2.24, 3.0 < 3.1.12, 3.2 < 3.2.4 Multiple Vulnerabilities - Windows

Django is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS6.4AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2021/06/02 5:45 p.m.69 views

CVE-2021-33571

A flaw was found in django. Leading zeros in octal literals aren't prohibited in IP addresses. If you used such values you could suffer from indeterminate SSRF, RFI, and LFI attacks. The highest threat from this vulnerability is to data integrity. Mitigation Mitigation for this issue is either no...

7.5CVSS0.9AI score0.00015EPSS
Exploits0References4
Github Security Blog
Github Security Blogadded 2021/04/13 3:18 p.m.37 views

Server-Side Request Forgery in private-ip

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...

9.8CVSS9.4AI score0.02409EPSS
Exploits0References6Affected Software1
CVE
CVEadded 2020/11/23 8:33 p.m.51 views

CVE-2020-28360

CVE-2020-28360 describes an SSRF vulnerability in the npm package private-ip (versions 1.0.5 and earlier). The root cause is an insufficient RegEx filter for reserved IP ranges, allowing an attacker to craft requests to ARIN/other reserved ranges, which can lead to remote server-side resource req...

9.8CVSS9.7AI score0.02409EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder