Lucene search
K

15 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52079

Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.10 Mastodon versions prior to 4.4.17 Mastodon versions prior to 4.3.23 Description When using Ruby versions older than 3.4, the PrivateAddressCheck.private address? function incorrectly returns false for...

8.6CVSS6AI score0.00232EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 9:4 p.m.3 views

CVE-2026-56266 Crawl4AI - Server-Side Request Forgery via Direct Crawl Endpoints

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reac...

9.2CVSS6.1AI score0.00421EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:4 p.m.6 views

CVE-2026-56266

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reac...

9.2CVSS6AI score0.00276EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/22 9:4 p.m.10 views

EUVD-2026-38366

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reac...

9.2CVSS6AI score0.00276EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 9:4 p.m.15 views

CVE-2026-56266

CVE-2026-56266 affects Crawl4AI prior to 0.8.7. The vulnerability is a server-side request forgery in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user‑supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6‑mappe...

9.2CVSS6AI score0.00276EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.10 views

PT-2026-51404

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description Multiple security issues affect the Crawl4AI Docker API server. The software is susceptible to Server-Side Request Forgery SSRF, a condition where an attacker can induce the server to make requests ...

9.2CVSS6.1AI score0.00276EPSS
Exploits0References15
NVD
NVD
added 2026/05/12 6:17 p.m.19 views

CVE-2026-43929

ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address e.g. http://::ffff:127.0.0.1/. The WHATWG URL parser bui...

8.2CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 5:49 p.m.32 views

CVE-2026-43929 ssrfcheck: Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs

ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address e.g. http://::ffff:127.0.0.1/. The WHATWG URL parser bui...

8.2CVSS0.00226EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.9 views

Fedora 44 : perl-Net-CIDR-Lite (2026-fe487aa625)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fe487aa625 advisory. This update addresses two security issues regarding incorrect handling of malformed IPv6 addresses: Fix IPv4 mapped IPv6 packed length CVE-2026-4019...

7.5CVSS5.5AI score0.00309EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/20 8:44 p.m.4 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the isSSRFSafeURL function in the unauthenticated plugin/LiveLinks/proxy.php endpoint. An attacker can access internal network...

9.3CVSS5.8AI score0.0032EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 8:44 p.m.4 views

GHSA-P3GR-G84W-G8HH AVideo has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in Unauthenticated LiveLinks Proxy

Summary The isSSRFSafeURL function in AVideo can be bypassed using IPv4-mapped IPv6 addresses ::ffff:x.x.x.x. The unauthenticated plugin/LiveLinks/proxy.php endpoint uses this function to validate URLs before fetching them with curl, but the IPv4-mapped IPv6 prefix passes all checks, allowing an...

8.6CVSS5.8AI score0.0032EPSS
Exploits1References4
Snyk
Snyk
added 2025/09/22 7:42 p.m.3 views

Server-side Request Forgery (SSRF)

Overview is-localhost-ip is a Checks whether given DNS name or IPv4/IPv6 address belongs to a local machine Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the isLocalhost function which misclassifies IP addresses and allows localhost checks to be bypassed...

7.2CVSS6.6AI score0.00357EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2024/10/30 1:33 a.m.3 views

golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

A flaw was found in the Go language standard library net/netip. The method Is IsPrivate, IsPublic, etc doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to...

9.8CVSS7.2AI score0.01952EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2024/10/24 7:54 a.m.4 views

Security update for go1.21-openssl

This update for go1.21-openssl fixes the following issues: CVE-2024-24791: Fixed denial of service due to improper 100-continue handling bsc1227314 CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip bsc1225973 CVE-2024-24790: Fixed unexpected behavior from Is...

7.5CVSS7.9AI score0.91969EPSS
Exploits2References48
RedHat Linux
RedHat Linux
added 2024/08/22 12:2 p.m.5 views

golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

A flaw was found in the Go language standard library net/netip. The method Is IsPrivate, IsPublic, etc doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to...

9.8CVSS7.2AI score0.01952EPSS
Exploits0References4
Rows per page
Query Builder