
7 matches found

OSV
added 2026/01/26 2:48 p.m. | 4 views

BIT-NODE-2026-21636

A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...

CVSS 10 | AI score 6 | EPSS 0.00663
Exploits: 1 | References: 2

OSV
added 2025/10/01 9:20 p.m. | 2 views

GHSA-XJV7-6W92-42R7 marimo vulnerable to proxy abuse of /mpl/{port}/

Summary: The /mpl/{port}/ endpoint, which is accessible without authentication on default Marimo installations, allows for external attackers to reach internal services and arbitrary ports. Details: From our understanding, this route is used internally to provide access to interactive matplotlib...

CVSS 6.9 | AI score 7.5
Exploits: 0 | References: 5

RedhatCVE
added 2025/06/23 10:9 p.m. | 6 views

CVE-2025-2828

A Server-Side Request Forgery (SSRF) flaw was found in the langchain-community package due to a lack of restriction enforcement on specific internet addresses. This flaw allows an attacker to access local services, conduct port scans, retrieve instance metadata, or interact with local network...

CVSS 10 | AI score 8.1 | EPSS 0.14059
Exploits: 1 | References: 5

RedhatCVE
added 2025/05/22 5:52 p.m. | 15 views

CVE-2020-16171

An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct...

CVSS 6.5 | AI score 6.7 | EPSS 0.05505
Exploits: 4

Huntr
added 2025/03/25 8:42 p.m. | 8 views

SSRF Vulnerability in RequestsToolkit in langchain-community in langchain-ai/langchain

Vulnerability Description: RequestsToolkit enables AI agents to perform HTTP requests (GET, POST, PATCH, PUT, DELETE) via LangChain workflows. However, a Server-Side Request Forgery (SSRF) vulnerability exists in the RequestToolkit component of the langchain-community package specifically,...

CVSS 10 | AI score 6.9 | EPSS 0.14059
Exploits: 1

Veracode
added 2025/01/30 8:45 a.m. | 7 views

Server-Side Request Forgery (SSRF)

github.com/imgproxy/imgproxy is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper restriction of loopback addresses, allowing access to local services by not blocking the 0.0.0.0 address even when IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES is set to false...

CVSS 5.3 | AI score 6.5 | EPSS 0.00844
Exploits: 0 | References: 3 | Affected Software: 1

RedHat Linux
added 2008/08/13 2:19 p.m. | 5 views

Java-API calls in untrusted Javascript allow network privilege escalation

Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java AP...

CVSS 9.3 | AI score 7.5 | EPSS 0.05684
Exploits: 0 | References: 4