1747 matches found
EUVD-2025-29749
Malicious code in bioql PyPI...
EUVD-2022-28274
Malicious code in bioql PyPI...
EUVD-2024-19196
Malicious code in bioql PyPI...
EUVD-2024-2965
Malicious code in bioql PyPI...
PT-2025-40603
Name of the Vulnerable Software and Affected Versions: Anyquery versions 0.4.3 and below. Description: Anyquery is an SQL query engine built on top of SQLite. Attackers who have gained access to localhost, even with low privileges, can use the http server through the port unauthenticated and access...
CVE-2025-59956
AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain access to the /messages endpoint served by the Agent API. This allows for th...
CVE-2025-59956 AgentAPI exposed user chat history via a DNS rebinding attack
AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain access to the /messages endpoint served by the Agent API. This allows for th...
Coder AgentAPI exposed user chat history via a DNS rebinding attack
Summary: AgentAPI prior to version 0.4.0 was susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. Impact: An attacker could have gained access to the /messages endpoint served by the Agent API. This allowed for the unauthorized exfiltration of sensitive user...
DNS Rebinding
Overview: Affected versions of this package are vulnerable to DNS Rebinding when hosted over plain HTTP on localhost. An attacker can access sensitive user data and chat history via the /messages endpoint that may include secret keys, file system contents, and intellectual property by enticing the...
GHSA-W64R-2G3W-W8W4 Coder AgentAPI exposed user chat history via a DNS rebinding attack
Summary: AgentAPI prior to version 0.4.0 was susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. Impact: An attacker could have gained access to the /messages endpoint served by the Agent API. This allowed for the unauthorized exfiltration of sensitive user...
PT-2025-39925
Name of the Vulnerable Software and Affected Versions: AgentAPI versions 0.3.3 and below. Description: AgentAPI, an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex, is susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain acce...
@andrewzagorski/admin (>=4.25.19-patch.1 <=4.25.19-patch.3), @applitools/autonomous-lib (>=1.3.4 <=4.0.251-beta.0) +147 more potentially affected by CVE-2025-9960 via is-localhost-ip (>=1.4.0 <=3.0.1)
is-localhost-ip NPM version =1.4.0, =4.25.19-patch.1, =1.3.4, =2.3.7, =1.0.0, =1.2.11, =0.5.1, =1.0.6, =1.0.0, =1.13.7, =1.0.0, =3.30.0, =4.22.1, =1.14.0, =1.14.1, =1.14.1, =1.31.7 and more Source cves: CVE-2025-9960 Source advisory: SNYK:JS-ISLOCALHOSTIP-13004668...
Server-side Request Forgery (SSRF)
Overview: is-localhost-ip is a package that checks whether a given DNS name or IPv4/IPv6 address belongs to the local machine. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the isLocalhost function, which misclassifies IP addresses and allows localhost checks to be bypassed...
CVE-2025-9960
A restriction bypass vulnerability in is-localhost-ip could allow attackers to perform Server-Side Request Forgery (SSRF). This issue affects is-localhost-ip: 2.0.0...
CVE-2025-9960 is-localhost-ip 2.0.0 - SSRF via Restrictions bypass
A restriction bypass vulnerability in is-localhost-ip could allow attackers to perform Server-Side Request Forgery (SSRF). This issue affects is-localhost-ip: 2.0.0...
CVE-2025-9960
CVE-2025-9960 affects is-localhost-ip 2.0.0 and is a restriction bypass that enables SSRF. Public sources describe that is-localhost-ip can misclassify addresses, allowing localhost checks to be bypassed (e.g., IPv6-mapped IPv4 forms such as ::ffff:127.0.0.1) to access internal resources. Several...
PT-2025-39063
Name of the Vulnerable Software and Affected Versions: is-localhost-ip version 2.0.0. Description: A restriction bypass issue in is-localhost-ip may allow attackers to perform Server-Side Request Forgery (SSRF). SSRF occurs when a server is tricked into making requests to unintended locations,...