CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...

PT-2025-39307

Name of the Vulnerable Software and Affected Versions Cisco IOS and IOS XE Software versions prior to IOS XE 17.15.4a Description A vulnerability exists in the Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE Software. This flaw, a stack overflow condition, allows an...

DEBIAN-CVE-2025-21768

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Some lwtunnels have a dst cache for post-transformation dst. If the packet destination did not change we may end up recording a reference to the lwtunnel in its own...

Cisco NX-OS Improper Handling of Exceptional Conditions (CVE-2020-3338)

A vulnerability in the Protocol Independent Multicast PIM feature for IPv6 networks PIM6 of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper error handling when processing...

CVE-2023-2754

The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses...

CVE-2020-3338

A vulnerability in the Protocol Independent Multicast PIM feature for IPv6 networks PIM6 of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper error handling when processing...