Lucene search
K

4 matches found

CVE
CVE
added 2026/05/28 5:27 p.m.31 views

CVE-2026-45373

CodeWhale: SSRF bypass in DeepSeek-TUI (CodeWhale via DeepSeek + MiMo) allows http://[::1] to bypass hostname validation prior to 0.8.26. The vulnerability stems from SSRF defenses not handling IPv6 literals correctly, enabling access to internal resources. Affected version is before 0.8.26; reme...

7.4CVSS5.8AI score0.00239EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/28 5:27 p.m.32 views

CVE-2026-45373 CodeWhale: SSRF‌ IPV6 bypass

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. This vulnerability is fixed in 0.8.26...

7.4CVSS0.00239EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 3:11 a.m.42 views

CVE-2026-42261 PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote`

PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body up t...

7.1CVSS0.00237EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 3 : kernel-2.6.18-348.2.AXS3 (AXSA:2013-124:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-124:02 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...

5CVSS7.7AI score0.03614EPSS
Exploits3References4
Rows per page
Query Builder