69 matches found
CVE-2026-39409 Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, ipRestriction does not canonicalize IPv4-mapped IPv6 client addresses e.g. ::ffff:127.0.0.1 before applying IPv4 allow or deny rules. In environments such as Node.js dual-stack, this can cause...
CVE-2026-35409 Directus has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in File Import
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.0, a Server-Side Request Forgery SSRF protection bypass has been identified and fixed in Directus. The IP address validation mechanism used to block requests to local and private networks could be...
GHSA-WV3H-5FX7-966H Directus: SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in File Import
Summary A Server-Side Request Forgery SSRF protection bypass has been identified and fixed in Directus. The IP address validation mechanism used to block requests to local and private networks could be circumvented using IPv4-Mapped IPv6 address notation. Details Directus implements an IP deny-li...
CVE-2026-31943 LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...
LibreChat 代码问题漏洞
LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within a single interface. Prior to LibreChat 0.8.3, there were code vulnerabilities. These vulnerabilities stemmed from the isPrivate...
Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals e.g., ::ffff:127.0.0.1.. Mattermost...
OpenClaw Server-Side Request Forgery Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability. The vulnerability stems from the fact that SSRF protection can be bypassed using a full form IPv4 mapping IPv6 literal, which can be exploited by an attacke...
Craft CMS 代码问题漏洞
Craft CMS is an open-source content management system developed by Craft CMS. There are code vulnerabilities in versions 4.5.0-RC1 to 4.16.18, and from 5.0.0-RC1 to 5.8.22 of Craft CMS. These vulnerabilities stem from a GraphQL Asset mutation where the SSRF validation only parses IPv4 addresses,...
SUSE-SU-2026:0495-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255594. - CVE-2025-38129: pagepool: fix inconsistency for pagepoolringlock...
SUSE-SU-2026:0475-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255594. - CVE-2025-38129: pagepool: fix inconsistency for pagepoolringlock bsc1245723...
CVE-2026-24398
CVE-2026-24398 — Hono IPv4 address validation bypass : Prior to 4.11.7, IP Restriction Middleware fails to validate IPv4 octets in the src/utils/ipaddr.ts code paths, due to a permissive IPv4_REGEX and an unsafe convertIPv4ToBinary function. This allows crafting malformed IPs that can bypass IP-b...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38147)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38147 advisory. - In the Linux kernel, the following vulnerability has been resolved: calipso: Don't call calipso functions fo...
CVE-2025-65568
A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...
CVE-2025-55092
CVE-2025-55092 affects Eclipse Foundation NetX Duo prior to 6.4.4, a networking stack for Eclipse ThreadX. The issue is a potential out-of-bounds read in the IPv4 handling path: in the function _nx_ipv4_option_process(), triggered when processing an IPv4 packet with the timestamp option. The Red ...
EUVD-2025-33397
A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service DoS. When forwarding-options sampling is enabled, receipt of any traffic destined to the...
CVE-2025-60004 Junos OS and Junos OS Evolved: Specific BGP EVPN update message causes rpd crash
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service DoS. When an affected system receives a specific BGP EVPN updat...
CVE-2025-59967
CVE-2025-59967 describes a NULL Pointer Dereference in Juniper Networks Junos OS Evolved, specifically the evo-pfemand daemon used on ACX7024/7024X/7100-32C/7100-48L/7348/7509. The issue allows an unauthenticated adjacent attacker to trigger a crash/restart of evo-pfemand by receiving certain val...
PT-2025-41406
Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS Evolved versions 23.2R2-EVO through 23.2R2-S4-EVO Juniper Networks Junos OS Evolved versions 23.4R1-EVO through 23.4R2-EVO Description A NULL Pointer Dereference issue exists in the PFE management daemon evo-pfemand o...
Linux Distros Unpatched Vulnerability : CVE-2023-53342
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix handling IPv4 routes with nhid Fix handling IPv4 routes...
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).
...