Lucene search
K

33 matches found

Cvelist
Cvelist
added 2026/07/08 9:2 p.m.41 views

CVE-2026-60105 Monsta FTP < 2.14.5 SSRF via IPv4-Mapped IPv6 Address Bypass

Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP function, which fails to detect embedded IPv4 addresses within IPv4-mapped IPv6 addresses. An unauthenticated attacker can obta...

8.6CVSS0.00308EPSS
Exploits0References3
CVE
CVE
added 2026/06/16 2:31 p.m.26 views

CVE-2026-47684

CVE-2026-47684 — Sync-in Server SSRF bypass (IPv4-mapped IPv6 addresses) Affected product: Sync-in Server (file storage/sharing/collaboration). Vulnerability: The private IP blocklist regex (regExpPrivateIP) used in the URL download feature does not match IPv4-mapped IPv6 addresses (e.g., ::ffff:...

7.7CVSS5.2AI score0.00221EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/09 5:22 p.m.77 views

terraform-aws-wafacl-golden

terraform-aws-wafacl-golden !Terraformhttps://img.shields...

5.6AI score
Exploits0
Cvelist
Cvelist
added 2026/05/15 8:37 p.m.68 views

CVE-2026-45401 Open WebUI: SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync requests, async...

8.5CVSS0.003EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.20 views

PT-2026-41165

Name of the Vulnerable Software and Affected Versions CodeWhale versions prior to 0.8.22 Description The fetch url tool implements a check using the is restricted ip function to validate the resolved IP address of an initial URL against a blocklist of restricted IPs, such as localhost, private...

7.4CVSS5.7AI score0.00226EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/04/21 3:4 p.m.18 views

LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading

Summary A Server-Side Request Forgery SSRF vulnerability exists in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, an...

7.5CVSS5.9AI score0.4525EPSS
Exploits2References6Affected Software1
NVD
NVD
added 2026/02/19 6:24 p.m.8 views

CVE-2026-23611

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP Blocklist management page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtIPDescription parameter to...

5.4CVSS0.00173EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/19 5:57 p.m.22 views

CVE-2026-23611 GFI MailEssentials AI < 22.4 Anti-Spam IP Blocklist Description Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP Blocklist management page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtIPDescription parameter to...

5.4CVSS0.00173EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.10 views

GFI MailEssentials AI 安全漏洞

GFI MailEssentials AI is a U.S. GFI open source anti-spam and data leakage protection software. A cross-site scripting vulnerability exists in the GFI MailEssentials AI IP Blocklist administration page, which can be exploited by an attacker to execute script in the context of a logged-in user...

5.4CVSS5.7AI score0.00173EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/09 7:41 p.m.5 views

CVE-2026-25494 Craft has a SSRF in GraphQL Asset Mutation via Alternative IP Notation

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation uses filtervar..., FILTERVALIDATEIP to block a specific list of IP addresses. However, alternative IP notations hexadecimal, mixed are not...

6.9CVSS5.5AI score0.00359EPSS
Exploits1References3
CVE
CVE
added 2026/02/09 7:41 p.m.14 views

CVE-2026-25494

Craft CMS versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21 are affected by a vulnerability in the saveAsset GraphQL mutation, where filter_var(..., FILTER_VALIDATE_IP) blocks a defined IP list but fails to recognize hexadecimal or mixed notations, allowing bypass of the blocklist t...

6.9CVSS5.5AI score0.00359EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/09 7:41 p.m.6 views

CVE-2026-25494

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation uses filtervar..., FILTERVALIDATEIP to block a specific list of IP addresses. However, alternative IP notations hexadecimal, mixed are not...

6.9CVSS5.5AI score0.00359EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-4084

Malware in sbrugna...

5CVSS6.4AI score0.01343EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/02/27 12:0 a.m.8 views

PT-2025-8948 · Apple · Ios +2

Name of the Vulnerable Software and Affected Versions: iOS version 18.2.1 Description: A zero-click attack on an iOS device leverages a vulnerability in Core Media, allowing attackers to deliver a malicious iMessage containing a specially crafted HEIF image. The exploit bypasses Apple’s BlastDoor...

8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/07/10 12:0 a.m.32 views

Fortinet Fortigate - IP address validation mishandles zero characters (FG-IR-23-446)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-446 advisory. - An incorrect parsing of numbers with different radices vulnerability CWE-1389 in FortiProxy version 7.4.3 and below, versio...

4.7CVSS5.7AI score0.00467EPSS
Exploits0References2
OSV
OSV
added 2024/07/09 4:15 p.m.17 views

CVE-2024-26015

An incorrect parsing of numbers with different radices vulnerability CWE-1389 in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit a...

4.7CVSS5.8AI score0.00467EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 4:15 p.m.67 views

CVE-2024-26015

An incorrect parsing of numbers with different radices vulnerability CWE-1389 in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit a...

4.7CVSS0.00467EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/09 3:33 p.m.61 views

CVE-2024-26015

An incorrect parsing of numbers with different radices vulnerability CWE-1389 in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit a...

3.4CVSS0.00467EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/09 3:33 p.m.43 views

CVE-2024-26015

An incorrect parsing of numbers with different radices vulnerability CWE-1389 in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit a...

3.4CVSS4.1AI score0.00467EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.6 views

PT-2024-5554 · Fortinet · Fortiproxy +1

Name of the Vulnerable Software and Affected Versions: FortiProxy versions 7.4.3 and below FortiProxy versions 7.2.10 and below FortiProxy versions 7.0.17 and below FortiOS versions 7.4.3 and below FortiOS versions 7.2.8 and below FortiOS versions 7.0.15 and below Description: The issue is relate...

4.7CVSS6.9AI score0.00467EPSS
Exploits0References10
Rows per page
Query Builder