110 matches found
CVE-2026-44492 Axios: shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)
Axios is a promise-based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form ::ffff:7f00:1, ::ffff:a9fe:a9fe...
SUSE CVE-2024-4032
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...
NPM: Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation
NPM: Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation vulnerability discovered by ? in WordPress Npm better-auth versions 1.4.17...
Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation
Am I affected? Users are affected if all of the following are true: - Their app uses better-auth at a version 1.4.17, or at a v1.5 prerelease tagged = 1.5.0-beta.8. - The app's authentication endpoints serve clients reachable over IPv6. Most managed hosts including Cloudflare, Vercel, Fly.io, AWS...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the HTTP-based namespace verification process. An attacker can access internal or private network resources by supplying specially crafted IPv6 addresses that bypass the intended address allowlist...
Incomplete Filtering of Special Elements
Overview dssrf is a SSRF defense library for Node.js with safe URL validation utilities. Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements via the isurlsafe function. An attacker can access internal network resources by supplying specially crafted IPv6...
CVE-2026-43088
In the Linux kernel, the following vulnerability has been resolved: net: af_key: zero aligned sockaddr tail in PF_KEY exports. PF_KEY export paths use pfkey_sockaddr_size when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, pfkey_sockaddr_fill initializes only th...
Linux Distros Unpatched Vulnerability : CVE-2026-43088
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - net: af_key: zero aligned sockaddr tail in PF_KEY exports. PF_KEY export paths use pfkey_sockaddr_size when reserving sockaddr payload space, so IPv6 addresses occupy...
Server-side Request Forgery (SSRF)
Overview: link-preview-js is a JavaScript module to extract and fetch HTTP link information from blocks of text. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via improper validation of IPv6 and internal addresses during the DNS resolution process. An attacke...
CVE-2026-31630
A flaw was found in the Linux kernel, specifically within the rxrpc component. The AF_RXRPC procfs helpers use fixed-size buffers to format local and remote socket addresses. When processing certain IPv6 addresses with ports, the formatted string can exceed the buffer's capacity, leading to a buff...
CVE-2026-41361 OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges
OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...
CVE-2026-26310
Envoy (the Envoy proxy) has a vulnerability CVE-2026-26310 where calling Utility::getAddressWithPort with scoped IPv6 addresses can crash the data plane via original_src/dns filters. Affected pre-1.37.1 releases (and some older branches) are fixed in versions 1.37.1, 1.36.5, 1.35.8, and 1.34.13. ...
EUVD-2020-7858
Malware in sbrugna...
EUVD-2018-17284
Malware in sbrugna...
EUVD-2011-4785
Malware in sbrugna...
EUVD-2022-25004
Malicious code in bioql PyPI...
EUVD-2025-7613
Malicious code in bioql PyPI...
EUVD-2023-35454
Malicious code in bioql PyPI...
OpenSSL security vulnerability
OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
SUSE-SU-2025:02050-1 Security update for python39
This update for python39 fixes the following issues: python39 was updated from version 3.9.21 to version 3.9.23: - Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273 CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-451...