Lucene search

18 matches found

OSV
added 2026/04/03 10:16 p.m. · 1 views

ALPINE-CVE-2026-34990

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That...

5 CVSS · 5.9 AI score · 0.00005 EPSS
Exploits 1 · References 1
EUVD
added 2026/04/03 9:14 p.m. · 1 views

EUVD-2026-18889

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That...

5 CVSS · 6 AI score · 0.00005 EPSS
Exploits 1 · References 1
NVD
added 2025/12/02 7:15 p.m. · 7 views

CVE-2025-66416

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.23.0, the Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost...

8.1 CVSS · 0.0004 EPSS
Exploits 0 · References 2
CNNVD
added 2025/10/19 12:0 a.m. · 2 views

bftpd security vulnerability

Bftpd is an FTP (File Transfer Protocol) server. A security vulnerability exists in bftpd 6.2 and earlier versions, which originates from a heap buffer overflow in the function expandgroups in the file options.c of the component Configuration File Handler, which could lead to a localhost attack...

4.5 CVSS · 5.2 AI score · 0.00019 EPSS
Exploits 0 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-2056

Malware in sbrugna...

9.3 CVSS · 8.6 AI score · 0.00245 EPSS
Exploits 0 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-24129

Malicious code in bioql PyPI...

5.5 CVSS · 4.3 AI score · 0.00055 EPSS
Exploits 1 · References 7
CNNVD
added 2025/09/19 12:0 a.m. · 1 views

Creality Cloud App security vulnerability

Creality Cloud App is a 3D printing mobile application from Creality China. A security vulnerability exists in Creality Cloud App version 6.1.0 and earlier, which stems from an improperly exported component com.cxsw.sdprinter in the file AndroidManifest.xml, which could lead to a localhost attack...

5.3 CVSS · 5.4 AI score · 0.00016 EPSS
Exploits 0 · References 5
Vulnrichment
added 2025/08/18 12:2 a.m. · 4 views

CVE-2025-9097 Euro Information CIC banque et compte en ligne App com.cic_prod.bad AndroidManifest.xml improper export of android application components

A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cic_prod.bad. The manipulation leads to improper export of Android application...

5.3 CVSS · 6.8 AI score · 0.00025 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/08/18 12:0 a.m. · 4 views

PT-2025-33623 · Euroinformation · Euro Information Cic Banque Et Compte En Ligne App

Name of the Vulnerable Software and Affected Versions: Euro Information CIC banque et compte en ligne App version 12.56.0
Description: A vulnerability exists due to improper export of Android application components within the AndroidManifest.xml file of the com.cic_prod.bad component. This allows...

5.3 CVSS · 5 AI score · 0.00025 EPSS
Exploits 0 · References 9
OSV
added 2025/08/14 3:15 p.m. · 1 views

CVE-2025-8964

A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostelmanage.exe of the component Login. The manipulation leads to improper authentication. It is possible to launch the attack on the local host. The exploit has been disclosed ...

7.8 CVSS · 5.2 AI score · 0.00034 EPSS
Exploits 1 · References 7
OSV
added 2025/04/03 4:15 a.m. · 3 views

CVE-2025-3139

A vulnerability was found in code-projects Bus Reservation System 1.0 and classified as critical. Affected by this issue is the function Login of the component Login Form. The manipulation of the argument Str1 leads to buffer overflow. It is possible to launch the attack on the local host. The...

7.8 CVSS · 5.9 AI score
Exploits 0 · References 5
Veracode
added 2024/02/12 12:45 p.m. · 19 views

Drive-by Localhost Attack

Micronaut server is vulnerable to a Drive-by Localhost Attack. The vulnerability is caused when unsecured management endpoints are enabled, which are susceptible to malicious HTTP requests from a compromised website targeting localhost (a drive-by localhost attack). The issue arises because some...

7.8 CVSS · 6.9 AI score · 0.00036 EPSS
Exploits 0 · References 4 · Affected Software 3
Cvelist
added 2024/02/09 12:15 a.m. · 14 views

CVE-2024-23639 micronaut-core management endpoints vulnerable to drive-by localhost attack

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...

5.1 CVSS · 7.8 AI score · 0.00036 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/02/09 12:15 a.m. · 12 views

CVE-2024-23639 micronaut-core management endpoints vulnerable to drive-by localhost attack

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...

5.1 CVSS · 6.7 AI score · 0.00036 EPSS
Exploits 0 · References 2
GitHub Security Blog
added 2022/11/22 9:30 p.m. · 28 views

Code injection in quarkus dev ui config editor

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution...

9.8 CVSS · 9.3 AI score · 0.029 EPSS
Exploits 0 · References 6 · Affected Software 1
RedhatCVE
added 2022/11/22 8:26 a.m. · 30 views

CVE-2022-4116

A vulnerability was found in quarkus. This issue occurs in Dev UI Config Editor, which is vulnerable to drive-by localhost attacks leading to remote code execution...

7.5 CVSS · 4.6 AI score · 0.029 EPSS
Exploits 0 · References 3
Vulnrichment
added 2022/11/22 12:0 a.m. · 10 views

CVE-2022-4116

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution...

9.7 AI score · 0.029 EPSS
Exploits 0 · References 1
HackerOne
added 2016/05/03 10:49 a.m. · 45 views

GitLab: SSRF when importing a project from a git repo by URL

Fixed in 8.17.4, 8.16.8, and 8.15.8. SSRF when importing a project from a Repo by URL: GitLab instances that have enabled project imports using "Repo by URL" were vulnerable to Server-Side Request Forgery attacks. By specifying a project import URL of localhost an attacker could target services tha...

0.7 AI score
Exploits 0