Lucene search
K

162 matches found

RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.7 views

CVE-2026-33537

Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v SSRF via Photo::fromUrl contains an incomplete IP validation check that fails to block loopback addresses and link-local addresses. Prior to version 7.5.1, an authenticated user can still reach...

5.3CVSS5.9AI score0.0026EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/27 7:23 p.m.3 views

CVE-2026-31945 LibreChat Server-Side Request Forgery using DNS resolution

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery SSRF attack when using agent actions or MCP. Although a previous SSRF vulnerability...

7.7CVSS5.9AI score0.00249EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.11 views

PT-2026-28430

Name of the Vulnerable Software and Affected Versions LibreChat versions 0.8.2-rc2 through 0.8.2 Description LibreChat, a ChatGPT clone with additional features, has a server-side request forgery SSRF issue in versions 0.8.2-rc2 through 0.8.2 when utilizing agent actions or MCP. A prior SSRF fix...

7.7CVSS5.9AI score0.00249EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/03/09 8:17 a.m.6 views

CVE-2025-41761

A low‑privileged local attacker who gains access to the UBR service account e.g., via SSH can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries e.g., tcpdump and ip with sudo...

7.8CVSS5.9AI score0.00161EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.8 views

MetaCPAN Net::CIDR::Set 安全漏洞

MetaCPAN Net::CIDR::Set is a library from the MetaCPAN Foundation. Versions of MetaCPAN Net::CIDR::Set prior to 0.24 contained a security vulnerability. This vulnerability stemmed from improper handling of leading zeros in IP CIDR addresses, which could lead to bypassing IP-based access controls...

6.5CVSS5.8AI score0.00322EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/24 2:39 a.m.32 views

CVE-2026-27127 Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...

7CVSS0.00446EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/11 9:11 p.m.4 views

CVE-2026-26019 @langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation

LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting URL. Its preventOutside option enabled by default is intended to restrict crawling to the same site...

4.1CVSS5.4AI score0.00371EPSS
Exploits0References4
CVE
CVE
added 2026/02/11 9:11 p.m.28 views

CVE-2026-26019

CVE-2026-26019 affects the LangChain JS library (@langchain/community) before version 1.1.14, specifically the RecursiveUrlLoader. The cause is insufficient URL origin validation: it relied on String.startsWith() to compare URLs, failing to validate semantic origin and permitting crawling of atta...

4.1CVSS5.4AI score0.00371EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/10 7:33 a.m.5 views

CVE-2025-66602

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes into the network, it could potentially be attacked by the worm. The affected products and versions are ...

9.8CVSS5.3AI score0.00302EPSS
Exploits0References1
NVD
NVD
added 2026/02/09 4:15 a.m.7 views

CVE-2025-66602

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes into the network, it could potentially be attacked by the worm. The affected products and versions are ...

9.8CVSS0.00302EPSS
Exploits0References1
OSV
OSV
added 2026/02/09 4:15 a.m.3 views

CVE-2025-66602

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes into the network, it could potentially be attacked by the worm. The affected products and versions are ...

9.8CVSS5.6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/09 3:16 a.m.6 views

CVE-2025-66602

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes into the network, it could potentially be attacked by the worm. The affected products and versions are ...

6.9CVSS5.2AI score0.00302EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/09 3:16 a.m.4 views

CVE-2025-66602

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes into the network, it could potentially be attacked by the worm. The affected products and versions are ...

6.9CVSS5.3AI score0.00302EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 4:6 p.m.16 views

CVE-2026-21862

RustFS had an authorization bypass vulnerability in IP-based access control prior to alpha.78. The get_condition_values logic trusts client-supplied X-Forwarded-For/X-Real-IP without proxy verification, allowing reachable clients to spoof aws:SourceIp and defeat IP allowlists. This can enable una...

8.7CVSS5.3AI score0.00211EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.5 views

CVE-2025-13694

The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.0.1. This is due to the plugin trusting user-supplied headers such as HTTPXFORWARDEDFOR to determine the client's IP address without proper validation or considering if the server is...

5.3CVSS6AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:38 a.m.17 views

CVE-1999-0161

In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering...

7.5CVSS7AI score0.01667EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 1:37 a.m.1 views

CVE-2025-66508 1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration which trusts all IP addresses as proxies TrustedProxies = 0.0.0.0/0, allowing any client to spoof the X-Forwarded-For header. Since all IP-based access controls...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/09 1:37 a.m.4 views

EUVD-2025-201792

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration which trusts all IP addresses as proxies TrustedProxies = 0.0.0.0/0, allowing any client to spoof the X-Forwarded-For header. Since all IP-based access controls...

6.5CVSS6.3AI score0.00204EPSS
Exploits0References3
CVE
CVE
added 2025/12/09 1:37 a.m.18 views

CVE-2025-66508

1Panel (GitHub/Governance: 1Panel) contains a vulnerability where Gin’s default proxy trust config (TrustedProxies = 0.0.0.0/0) causes X-Forwarded-For headers to be trusted, letting attackers bypass IP-based access controls (AllowIPs, API whitelists, localhost checks) by sending X-Forwarded-For: ...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/12/09 1:37 a.m.10 views

CVE-2025-66508 1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration which trusts all IP addresses as proxies TrustedProxies = 0.0.0.0/0, allowing any client to spoof the X-Forwarded-For header. Since all IP-based access controls...

6.5CVSS6.8AI score0.00204EPSS
Exploits0References4
Rows per page
Query Builder