1747 matches found

CNNVD
added 2025/09/22 12:00 a.m.

is-localhost-ip code issue vulnerability

is-localhost-ip is a tool by the individual developer Konstantin Vyatkin to check if a given host/DNS name or IPv4/IPv6 address belongs to the local computer. A code issue vulnerability exists in is-localhost-ip version 2.0.0, which stems from a restriction bypass that could lead to a server-side...

CVSS 6.9, AI score 6.6, EPSS 0.00065
Exploits: 2, References: 3
Gitee
added 2025/09/21 11:11 p.m.

sslyze

It is an offensive tool for scanning SSL/TLS configurations. The primary target of this tool is the SSL/TLS configuration of a server, which can be analyzed to ensure it uses strong encryption settings and is not vulnerable to known TLS attacks. The tool can connect to a server to perform the...

AI score 7.3
Exploits: 0
RedhatCVE
added 2025/09/19 5:33 p.m.

CVE-2025-58432

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v21/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT...

CVSS 7.8, AI score 7, EPSS 0.00056
Exploits: 1, References: 1
CNNVD
added 2025/09/19 12:00 a.m.

Creality Cloud App security vulnerability

Creality Cloud App is a 3D printing mobile application from Creality China. A security vulnerability exists in Creality Cloud App version 6.1.0 and earlier, which stems from an improperly exported component com.cxsw.sdprinter in the file AndroidManifest.xml, which could lead to a localhost attack...

CVSS 5.3, AI score 5.4, EPSS 0.0002
Exploits: 0, References: 5
NVD
added 2025/09/17 6:15 p.m.

CVE-2025-58432

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v21/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT...

CVSS 7.8, EPSS 0.00056
Exploits: 1, References: 1
CVE
added 2025/09/17 5:31 p.m.

CVE-2025-58432

ZimaOS (a CasaOS fork for Zima devices and x86-64 with UEFI) contains a local privilege-escalation flaw in the /v2_1/files/file/uploadV2 API. In versions before and including 1.4.1, any user with localhost access can upload files via this endpoint and have them executed with root privileges, enab...

CVSS 7.8, AI score 6.6, EPSS 0.00056
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2025/09/17 5:31 p.m.

CVE-2025-58432 ZimaOS Privilege Escalation using localhost calls to File API Upload

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v21/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT...

CVSS 6.7, AI score 6.6, EPSS 0.00056
Exploits: 1, References: 1
Cvelist
added 2025/09/17 5:31 p.m.

CVE-2025-58432 ZimaOS Privilege Escalation using localhost calls to File API Upload

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v21/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT...

CVSS 6.7, EPSS 0.00056
Exploits: 1, References: 1
OSV
added 2025/09/17 5:31 p.m.

CVE-2025-58432 ZimaOS Privilege Escalation using localhost calls to File API Upload

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v21/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT...

CVSS 6.7, AI score 7, EPSS 0.00056
Exploits: 1, References: 3
Cvelist
added 2025/09/17 5:25 p.m.

CVE-2025-58431 ZimaOS reads arbitrary files using localhost calls to File API Download

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v21/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT...

CVSS 6.1, EPSS 0.00038
Exploits: 1, References: 1
OSV
added 2025/09/17 5:25 p.m.

CVE-2025-58431 ZimaOS reads arbitrary files using localhost calls to File API Download

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v21/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT...

CVSS 6.1, AI score 6.8, EPSS 0.00038
Exploits: 1, References: 3
Positive Technologies
added 2025/09/17 12:00 a.m.

PT-2025-38241

Name of the Vulnerable Software and Affected Versions: ZimaOS versions prior to 1.4.1 Description: ZimaOS, a fork of CasaOS, is susceptible to a file upload issue. The /v2 1/files/file/uploadV2 API endpoint permits file uploads from any user with localhost access, and these uploads are executed...

CVSS 6.7, AI score 6.7, EPSS 0.00056
Exploits: 1, References: 3
CNNVD
added 2025/09/17 12:00 a.m.

ZimaOS security vulnerability

ZimaOS is an open source operating system project from IceWhaleTech designed to provide a lightweight, high-performance, secure operating system environment. A security vulnerability exists in ZimaOS 1.4.1 and earlier versions that originates in the /v21/files/file/uploadV2 endpoint that allows a...

CVSS 7.8, AI score 6.8, EPSS 0.00056
Exploits: 1, References: 1
Positive Technologies
added 2025/09/17 12:00 a.m.

PT-2025-38236

Name of the Vulnerable Software and Affected Versions: ZimaOS versions prior to 1.4.2 Description: ZimaOS, a fork of CasaOS, is susceptible to a file read issue. The /v2 1/files/file/download API endpoint allows unauthorized file access from any user with localhost access. File reads are executed...

CVSS 6.1, AI score 6.4, EPSS 0.00038
Exploits: 1, References: 3
Snyk
added 2025/09/16 2:44 a.m.

Server-side Request Forgery (SSRF)

Overview ip is a Node library. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the ip.isPublic and ip.isPrivate functions. An attacker can interact with internal network resources by supplying specially crafted IP address such as octal localhost format...

CVSS 10, AI score 6.9, EPSS 0.8434
Exploits: 0, References: 2
Snyk
added 2025/09/16 2:44 a.m.

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the ip.isPublic and ip.isPrivate functions. An attacker can interact with internal network resources by supplying specially crafted IP address such as octal localhost format "017700000001" that is...

CVSS 10, AI score 6.9, EPSS 0.8434
Exploits: 0, References: 2
Tenable Nessus
added 2025/09/10 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2024-28335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the...

CVSS 9.1, AI score 8.1, EPSS 0.00389
Exploits: 0, References: 2
RedhatCVE
added 2025/08/30 6:19 p.m.

CVE-2025-57814

request-filtering-agent is an https.Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. This allows attackers to...

CVSS 6.9, AI score 6.7, EPSS 0.00093
Exploits: 0, References: 1
Tenable Nessus
added 2025/08/27 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2020-8562

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when...

CVSS 6.3, AI score 6.2, EPSS 0.08633
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/27 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2020-8558

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent...

CVSS 8.8, AI score 6.6, EPSS 0.20149
Exploits: 5, References: 2