Lucene search
K

7 matches found

CVE
CVE
added last week17 views

CVE-2026-60105

Monsta FTP before 2.14.5 contains a server-side request forgery (SSRF) in the fetchRemoteFile action due to an incomplete IP blocklist in isBlockedIP(), which fails to detect IPv4 addresses embedded in IPv4-mapped IPv6 addresses. An unauthenticated attacker can obtain a CSRF token from the public...

8.6CVSS5.9AI score0.00308EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-52068

Name of the Vulnerable Software and Affected Versions Ghost versions 6.0.9 through 6.21.0 Description Ghost is a Node.js content management system. An issue exists where the IP filter designed to prevent external requests from reaching internal services can be bypassed. This is achieved by using ...

5.8CVSS5.8AI score0.00197EPSS
Exploits0References5
OSV
OSV
added 2026/04/06 9:31 p.m.3 views

CVE-2026-35409 Directus has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in File Import

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.0, a Server-Side Request Forgery SSRF protection bypass has been identified and fixed in Directus. The IP address validation mechanism used to block requests to local and private networks could be...

7.7CVSS5.9AI score0.00336EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.6 views

CVE-2026-31943

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

8.5CVSS5.9AI score0.00213EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-1726

Malware in sbrugna...

4.3CVSS6.4AI score0.00674EPSS
Exploits0References2
n0where
n0where
added 2018/09/05 5:4 p.m.40 views

DNS Rebinding Attack Framework: Singularity

Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine’s IP address and to serve attack payloads to exploit vulnerable software on the target machine. It also ships with...

Exploits0References4
CVE
CVE
added 2008/12/09 12:0 a.m.57 views

CVE-2008-5398

CVE-2008-5398 affects Tor up to version before 0.2.0.32, where the ClientDNSRejectInternalAddresses option is not consistently enforced when an exit relay issues a policy-based stream refusal. This can allow remote exit relays to map an internal IP address to the destination hostname of the refus...

9.3CVSS6.3AI score0.02036EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder