13 matches found
arkadiyt-projects: SSRF Filter Bypass via Unblocked NAT64 Local-Use IPv6 Prefix (64:ff9b:1::/48)
A vulnerability was discovered in the ssrffilter library version 1.3.0. The library failed to block the NAT64 local-use IPv6 prefix 64:ff9b:1::/48, allowing such addresses to be treated as public. This enabled SSRF requests through /fetch to targets encoded under that prefix when routable in the...
GHSA-JMMG-JQC7-5QF4 OpenClaw's browser-origin WebSocket auth hardening gap could enable loopback password brute-force chains
This issue is a browser-origin WebSocket auth chain on local loopback deployments using password auth. It is serious, but conditional: an attacker must get the user to open a malicious page and then successfully guess the gateway password. Context and Preconditions OpenClaw’s web/gateway surface ...
EUVD-2025-14718
Malicious code in bioql PyPI...
EUVD-2025-24131
Malicious code in bioql PyPI...
CVE-2025-31946
Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash...
CVE-2025-31946
Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash...
PT-2025-20436 · Pixmeo · Osirix Md
Name of the Vulnerable Software and Affected Versions: Pixmeo OsiriX MD affected versions not specified Description: The issue is related to a local use after free scenario. An attacker could locally import a crafted DICOM file, potentially causing memory corruption or a system crash...
CVE-2024-7940
The product exposes a service that is intended for local only to all network interfaces without any authentication...
CVE-2023-49092
RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is...
Social-Analyzer - API And Web App For Analyzing And Finding A Person Profile Across +300 Social Media Websites (Detections Are Updated Regularly)
An API for analyzing & finding a person profile across +300 social media websites. It includes different string analysis and detection modules, you can choose which combination of modules to use during the investigation. The detection modules utilize a rating mechanism based on different detectio...
GHSA-CCH6-5X4H-6QC5 Directory Traversal in tiny-http
Affected versions of tiny-http resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...
Set System Name
Get the system name that was input into the UI and set it locally for use in other plugins. TRUSTED...
Hazards of the sudo default configuration and its use for local privilege escalation - vulnerability warning - the black bar safety net
Pixel bun sudo allows a regular user to perform some or all commands with another user's permissions (default is root). It is a good solution for controlling the permissions of non-ops staff: giving root to non-operations and maintenance personnel is quite a dangerous thing, and it also avoids ssh direct...