EUVD-2026-33365

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.22 and 6.18.1, the Glide image proxy's URL validation could be bypassed using an IP representation that wasn't normalized before the public-IP check. An unauthenticated user could cause the server to make HTTP...

CVE-2026-33975 twenty-server SSRF protection bypass via IPv4-mapped IPv6 address normalization

Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...

CVE-2026-40100 FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default

FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress only blocks private IPs when CHECKINTERNALIP=true, which is not the default. This allows...

CVE-2026-40100 FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default

FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress only blocks private IPs when CHECKINTERNALIP=true, which is not the default. This allows...

HTTPS Fetch, Windows Command Shell, Hidden Bind TCP Inline

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection from certain IP and spawn a command shell. The shellcode will reply with a RST packet if the connections is not coming from the IP defined in AHOST. This way the port will appear as "closed" helping us to hide the...

PT-2026-29663

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, in src/endpoints/search.js, the hostname is checked against /^d+.d+.d+.d+$/. This only...

CVE-2026-34443

FreeScout (Laravel) contains a flaw in checkIpByMask() in app/Misc/Helper.php prior to version 1.8.211: it only checks for a slash and returns false for plain IPs, bypassing CIDR evaluation. This leaves the 10.0.0.0/8 and 172.16.0.0/12 private ranges unprotected, enabling potential SSRF-like expo...

CVE-2026-34443

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask in app/Misc/Helper.php checks whether the input IP contains a / character. Plain IP addresses never contain /, so the function always returns false without checking any CIDR...

EUVD-2026-12441

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals e.g., ::ffff:127.0.0.1.. Mattermost...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414473)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414473 advisory. In ipcheckmcrcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet...

EUVD-2022-24870

Malicious code in bioql PyPI...

EUVD-2024-46115

Malicious code in bioql PyPI...

Malicious code in valid-ip-check (npm)

The package valid-ip-check was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

MAL-2025-47448 Malicious code in valid-ip-check (npm)

The package valid-ip-check was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

CVE-2024-52273

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 setDoublePppoeConfig-guestipcheckoverflow arg: mask modules allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50...

CVE-2022-1579

The function checkisloginpage uses headers for the IP check, which can be easily spoofed...

BIT-NODE-MIN-2022-32212

A OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks...

CVE-2024-52273

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 setDoublePppoeConfig-guestipcheckoverflow arg: mask modules allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50...

CVE-2024-52274

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 setDoubleL2tpConfig-guestipcheckoverflow arg: mask modules allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50...

Tenda AC6 安全漏洞

Tenda AC6 is a wireless router from Shenzhen Tenda Technology Co. A buffer overflow vulnerability exists in Tenda AC6. The vulnerability stems from the guestipcheck function in the setDoublePppoeConfig module not properly validating input. No detailed vulnerability details are provided at this ti...