
24 matches found

vulnersOsv
added 2026/05/05 9:50 p.m., 3 views

org.webjars.npm:npmcli__agent (>=2.2.2 <=3.0.0), org.webjars.npm:pac-proxy-agent (=4.1.0) +6 more potentially affected by CVE-2026-42338 via org.webjars.npm:ip-address (>=5.8.9 <=9.0.5)

org.webjars.npm:ip-address MAVEN version =5.8.9, =2.2.2, =2.8.3, =5.0.0, =8.0.5 - org.webjars.npm:socks5-client =1.2.6 - org.webjars.npm:socks5-http-client =1.0.4 - org.webjars.npm:socks5-https-client =1.2.1 Source cves: CVE-2026-42338 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16636414...

6.1 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits: 1
Positive Technologies
added 2026/04/09 12:0 a.m., 1 view

PT-2026-31585

Name of the Vulnerable Software and Affected Versions: D-Link DIR-882 version 1.01B02. Description: A flaw exists in the sprintf function within the prog.cgi file of the HNAP1 SetNetworkSettings Handler component. Manipulation of the IPAddress argument can lead to operating system command injection...

8.6 CVSS, 7 AI score, 0.00118 EPSS
Exploits: 1, References: 9
Positive Technologies
added 2026/03/06 12:0 a.m., 4 views

PT-2026-23625

Name of the Vulnerable Software and Affected Versions: Wavlink WL-NU516U1 version V240425. Description: A stack-based buffer overflow exists in the function sub 401A0C within the file /cgi-bin/login.cgi. Manipulation of the ipaddr argument can trigger this issue, allowing for remote exploitation. Th...

8.6 CVSS, 7.5 AI score, 0.00145 EPSS
Exploits: 1, References: 9
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2008-1267

Malware in sbrugna...

9.3 CVSS, 6.4 AI score, 0.00273 EPSS
Exploits: 1, References: 4
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-24903

Malicious code in bioql PyPI...

7.5 CVSS, 7.6 AI score, 0.00245 EPSS
Exploits: 2, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2021-32237

Malicious code in bioql PyPI...

5.3 CVSS, 5.3 AI score, 0.00311 EPSS
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-43896

Malicious code in bioql PyPI...

8.8 CVSS, 8.6 AI score, 0.00103 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/07/31 10:4 p.m., 5 views

CVE-2025-54126

The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address that lacks a subnet mask, allowing the system to...

6.9 CVSS, 7.1 AI score, 0.00279 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/05/29 9:31 p.m., 22 views

CVE-2025-40911

Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are...

6.5 CVSS, 7 AI score, 0.00258 EPSS
Exploits: 0, References: 1
CVE
added 2025/05/27 9:17 p.m., 68 views

CVE-2025-40911

CVE-2025-40911 affects Net::CIDR::Set for Perl versions 0.10–0.13, which misparses IP CIDR strings with leading zeros, allowing potential access-control bypass. Root cause: octal interpretation of leading zeros; Net::CIDR::Set derived code from Net::CIDR::Lite (CVE-2021-47154). Public details poi...

6.5 CVSS, 6.6 AI score, 0.00258 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/03/25 3:22 p.m., 15 views

CVE-2025-2691

Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism...

9.1 CVSS, 7.1 AI score, 0.00027 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/03/06 2:39 a.m., 4 views

CVE-2025-26320

t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping...

6.5 CVSS, 8.1 AI score, 0.01461 EPSS
Exploits: 0, References: 1
NVD
added 2025/03/04 4:15 p.m., 1 view

CVE-2025-26320

t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping...

6.5 CVSS, 0.01461 EPSS
Exploits: 0, References: 3
Cvelist
added 2024/12/27 12:0 a.m., 14 views

CVE-2024-54450

An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is received during authentication, the Kurmi application will record the possibly forged IP address mentioned in that header rather than the real IP address that the user logged in from. This fake IP addres...

0.00235 EPSS
Exploits: 0, References: 2
NVD
added 2024/12/12 2:15 p.m., 11 views

CVE-2024-28144

An attacker who can spoof the IP address and the User-Agent of a logged-in user can take over the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user...

5.5 CVSS, 0.00084 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2024/03/17 12:0 a.m., 2 views

PT-2024-4391

Name of the Vulnerable Software and Affected Versions: Net::CIDR::Lite versions prior to 0.22. Description: The issue is related to the improper handling of extraneous zero characters at the beginning of an IP address string. This can allow attackers to bypass access control based on IP addresses in...

7.5 CVSS, 6.5 AI score, 0.00063 EPSS
Exploits: 0, References: 37
Veracode
added 2024/02/12 12:14 p.m., 117 views

Server Side Request Forgery (SSRF)

ip is vulnerable to Server Side Request Forgery. The vulnerability is due to the isPublic function's failure to interpret and classify hexadecimal IP address representations. If an application utilizes the isPublic or isPrivate functions to determine if an address is public, an attacker can prefo...

9.8 CVSS, 6.7 AI score, 0.00652 EPSS
Exploits: 1, References: 6, Affected Software: 2
OpenVAS
added 2023/01/12 12:0 a.m., 19 views

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2023-1152)

The remote host is missing an update for the Huawei EulerOS...

9.8 CVSS, 7.3 AI score, 0.02048 EPSS
Exploits: 1, References: 2
BDU FSTEC
added 2022/03/28 12:0 a.m., 0 views

The vulnerability in the implementation of the oal_wan6_setIpAddr() function in the libcmm.so module of the TP-Link TL-WR840N (ES) router’s software allows an attacker to execute arbitrary code.

The vulnerability in the implementation of the oal_wan6_setIpAddr() function in the libcmm.so module of the TP-Link TL-WR840N (ES) router’s software lies in the failure to properly handle special elements when processing the XTPExternalIPv6Address argument. Exploiting this vulnerability allows an...

6.3 CVSS, 0.63105 EPSS
Exploits: 3, References: 5, Affected Software: 1
CVE
added 2022/02/25 2:36 p.m., 789 views

CVE-2021-45977

CVE-2021-45977 affects JetBrains IDEs used as Remote Development backends where the affected products bound to the 0.0.0.0 address. The vulnerability description from connected sources notes exposure of the backend service due to binding to an all interfaces address. Fixed versions are provided: ...

9.8 CVSS, 9.4 AI score, 0.00005 EPSS
Exploits: 0, References: 2, Affected Software: 7