Lucene search
K

1405 matches found

Snyk
Snyk
added 2026/03/18 4:41 a.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00297EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/18 4:41 a.m.8 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00297EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/18 4:41 a.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00297EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/18 3:14 a.m.4 views

CVE-2026-32254 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

7.1CVSS5.8AI score0.00297EPSS
Exploits1References3
OSV
OSV
added 2026/03/17 5:12 p.m.7 views

GHSA-PHQM-JGC3-QF8G Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS

kube-router Proxy Module Does Not Validate ExternalIPs or LoadBalancer IPs Against Configured Ranges Summary This issue primarily affects multi-tenant clusters where untrusted users are granted namespace-scoped permissions to create or modify Services. Single-tenant clusters or clusters where all...

7.1CVSS6.7AI score0.00297EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.9 views

PT-2026-25978

Name of the Vulnerable Software and Affected Versions Kube-router versions prior to 2.8.0 Description Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. This impacts multi-tenant clusters where untrusted user...

7.1CVSS6.9AI score0.09274EPSS
Exploits4References10
HackRead
HackRead
added 2026/03/13 8:37 p.m.5 views

INTERPOL Operation Synergia III Shuts Down 45,000 Malicious IPs, 94 Arrested

INTERPOL’s Operation Synergia III led to 94 arrests and the takedown of 45,000 malicious IPs in 72 countries targeting phishing, malware, and fraud networks...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/13 3:20 p.m.7 views

INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime

INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency's ongoing efforts to dismantle criminal networks, disrupt emerging threats, and safeguard victims from scams. The effor...

5.9AI score
Exploits0
NVD
NVD
added 2026/03/09 1:15 p.m.11 views

CVE-2026-2261

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...

7.5CVSS0.00359EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.3 views

PT-2026-23824

Name of the Vulnerable Software and Affected Versions Wallos versions prior to 4.6.2 Description Wallos is a self-hostable personal subscription tracker. Versions prior to 4.6.2 contain a Server-Side Request Forgery SSRF condition in the testwebhooknotifications.php file. The application does not...

5.3CVSS5.8AI score0.00331EPSS
Exploits1References10
Snyk
Snyk
added 2026/03/06 11:56 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webfetch process. An attacker can access internal resources and sensitive data by exploiting DNS rebinding to bypass URL validation and force the application to connect to private IP addresses...

9.3CVSS5.8AI score0.00355EPSS
Exploits1References3
OSV
OSV
added 2026/02/23 10:16 p.m.4 views

GHSA-GP2F-7WCM-5FHX Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding

Summary The SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebinding attacks, where an attacker’s DNS server returns different IP addresses for validation compared to t...

7CVSS6.2AI score0.00446EPSS
Exploits1References10
Github Security Blog
Github Security Blog
added 2026/02/23 10:16 p.m.18 views

Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding

Summary The SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebinding attacks, where an attacker’s DNS server returns different IP addresses for validation compared to t...

7CVSS6.2AI score0.00446EPSS
Exploits1References10Affected Software1
OSV
OSV
added 2026/02/19 6:24 p.m.6 views

CVE-2026-23612

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP DNS Blocklist configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBIPs parameter to...

5.4CVSS5.8AI score0.00173EPSS
Exploits0References2
OSV
OSV
added 2026/02/19 1:16 p.m.4 views

CVE-2019-25414

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/appid/ endpoint with script payloads in the ID parameter to execut...

5.1CVSS5.9AI score0.00384EPSS
Exploits1References4
NVD
NVD
added 2026/02/19 1:16 p.m.5 views

CVE-2019-25414

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/appid/ endpoint with script payloads in the ID parameter to execut...

6.1CVSS0.00384EPSS
Exploits1References4
OSV
OSV
added 2026/02/19 1:16 p.m.6 views

CVE-2019-25413

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execut...

5.1CVSS5.9AI score0.00384EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/19 12:2 p.m.5 views

CVE-2019-25413

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execut...

6.1CVSS5.6AI score0.00384EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/19 12:2 p.m.8 views

CVE-2019-25414

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/appid/ endpoint with script payloads in the ID parameter to execut...

6.1CVSS5.6AI score0.00384EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/19 12:2 p.m.24 views

CVE-2019-25413 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via ID Parameter

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execut...

6.1CVSS0.00384EPSS
Exploits1References4
Rows per page
Query Builder