CVE-2026-45561

CVE-2026-45561 affects Roxy-WI web interface (versions 8.2.6.4 and earlier) and allows SSRF via the /smon/agent/{version,uptime,status,checks}/ endpoints. The path component is passed verbatim into requests.get("http://{server_ip}:{agent_port}/...") and is only constrained by Flask’s default URL ...

Astra Linux - уязвимость в cloud-init

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address. To prevent this, cloud-init’s default configurations disable platform enumeration...

FreeScout 1.8.206 Network Reachability and HTTP Security Audit Scanner

The provided PHP script is a network reconnaissance and auditing tool designed to scan a local IP range and identify reachable hosts potentially running web services such as FreeScout...

CVE-2021-22970

Concrete CMS formerly concrete5 versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network appsandb. SS...

EulerOS 2.0 SP10 : cloud-init (EulerOS-SA-2025-2408)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this,cloud-init defau...

EUVD-2020-4259

Malware in sbrugna...

EUVD-2021-2351

Malware in sbrugna...

EUVD-2025-7318

Malicious code in bioql PyPI...

EUVD-2025-28984

Malicious code in bioql PyPI...

EUVD-2024-3353

Malicious code in bioql PyPI...

EUVD-2024-33023

Malicious code in bioql PyPI...

EUVD-2023-2458

Malicious code in bioql PyPI...

cloud-init: Cloud init permissions flaw

An access permissions flaw was found in cloud-init. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address, which creates a security exposure...

cloud-init: Cloud init permissions flaw

An access permissions flaw was found in cloud-init. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address, which creates a security exposure...

Amazon Linux 2023 : cloud-init, cloud-init-cfg-ec2, cloud-init-cfg-onprem (ALAS2023-2025-1082)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1082 advisory. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...

CVE-2024-6174

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...

AZL-64374 CVE-2024-6174 affecting package cloud-init for versions less than 23.3-7

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...

CVE-2024-6174

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...

CVE-2024-6174

Summary: CVE-2024-6174 affects cloud-init. When a non-x86 platform is detected, it could grant root access to a hardcoded URL with a local IP. This is the underlying cause. Impact: High (CVSS v3.1: 8.8, privileges required: none, user interaction: none, scope: unchanged). Affected scope (from con...

CVE-2024-6174

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...