9 matches found

OSV
added 2026/05/18 5:0 p.m. · 8 views

GHSA-FVH2-GM75-J4J7 dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport

Summary: dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive rmcp dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local dynoxide mcp --http or dynoxide serve --mcp server with a non-loopback Host...

CVSS 7.5 · AI score 5.8 · EPSS 0.00213
Exploits 0 · References 4
GithubExploit
added 2026/05/16 10:15 a.m. · 188 views

Exploit for Server-Side Request Forgery in Vercel Next.Js

CVE-2026-44578 — Next.js WebSocket Upgrade SSRF Pre-authentic...

CVSS 8.6 · AI score 5.8 · EPSS 0.38696
Exploits 9
Positive Technologies
added 2026/02/09 12:0 a.m. · 24 views

PT-2026-7089

The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. Note - the "mcp-run-python" project is archived and unlikely to receive a fix...

CVSS 5.8 · AI score 5.6 · EPSS 0.00165
Exploits 0 · References 2
RedHat Linux
added 2025/03/18 12:36 a.m. · 2 views

mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests

A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as Require ip IPADDRESS would suggest. This means that anyone with access to the host might send MCMP requests that may result in...

CVSS 5.4 · AI score 5.9 · EPSS 0.0026
Exploits 0 · References 5
Github Security Blog
added 2025/01/27 8:50 p.m. · 38 views

imgproxy is vulnerable to SSRF against 0.0.0.0

Summary: Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. Details: imgproxy protects against SSRF against a loopback address with the following check (source): if !config.AllowLoopbackSourceAddresses ...

CVSS 5.3 · AI score 6.5 · EPSS 0.00844
Exploits 0 · References 4 · Affected Software 1
NVD
added 2025/01/27 6:15 p.m. · 21 views

CVE-2025-24354

imgproxy is a server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

CVSS 5.3 · EPSS 0.00844
Exploits 0 · References 2
OSV
added 2025/01/27 5:23 p.m. · 13 views

CVE-2025-24354 imgproxy is vulnerable to SSRF against 0.0.0.0

imgproxy is a server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

CVSS 5.3 · AI score 6.5 · EPSS 0.00844
Exploits 0 · References 4
CVE
added 2025/01/27 5:23 p.m. · 93 views

CVE-2025-24354

Imgproxy (CVE-2025-24354) is affected by a Server-Side Request Forgery (SSRF) due to not blocking the 0.0.0.0 address when IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES is false. This allows access to local-host services because 0.0.0.0 is not considered loopback by Go’s ip.IsLoopback() check. The iss...

CVSS 5.3 · AI score 6.7 · EPSS 0.00844
In wild · Exploits 0 · References 2
Positive Technologies
added 2025/01/27 12:0 a.m. · 4 views

PT-2025-5337 · Imgproxy +1

Name of the Vulnerable Software and Affected Versions: imgproxy versions prior to 3.27.2. Description: The issue concerns imgproxy, a server for resizing, processing, and converting images. It does not block the 0.0.0.0 address, even when IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES is set to false...

CVSS 8.9 · AI score 6.1 · EPSS 0.0104
Exploits 2 · References 89