1747 matches found

OSV
added 2022/02/01 11:15 a.m. · 1 view

DEBIAN-CVE-2020-8562

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a...

CVSS 3.1 · AI score 6.1 · EPSS 0.00056
Exploits 0 · References 1

OSV
added 2022/02/01 11:15 a.m. · 1 view

UBUNTU-CVE-2020-8562

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a...

CVSS 3.1 · AI score 6.1 · EPSS 0.00056
Exploits 0 · References 3

Veracode
added 2022/01/31 9:39 p.m. · 16 views

Server-Side Request Forgery (SSRF)

calibre-web is vulnerable to server-side request forgery. The vulnerability exists in the deleteuser function of admin.py due to a lack of validation, which allows an attacker to fetch a localhost URL and upload a book cover...

CVSS 9.8 · AI score 3.2 · EPSS 0.00245
Exploits 1 · References 5 · Affected software 1

Microsoft CVE
added 2022/01/19 8:00 a.m. · 2 views

Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.0.1) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.

...

CVSS 5.9 · AI score 7.5 · EPSS 0.00134
Exploits 1

OSV
added 2022/01/18 5:15 p.m. · 14 views

CVE-2021-39927

Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443...

CVSS 4.3 · AI score 6.4 · EPSS 0.00143
Exploits 0 · References 2

UbuntuCve
added 2022/01/18 5:15 p.m. · 23 views

CVE-2021-39927

Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443...

CVSS 4.3 · AI score 5.9 · EPSS 0.00143
Exploits 0 · References 2

Prion
added 2022/01/18 5:15 p.m. · 17 views

Server-side request forgery (SSRF)

Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443...

CVSS 3.5 · AI score 4.6 · EPSS 0.00143
Exploits 0 · References 2 · Affected software 1

OSV
added 2022/01/18 5:15 p.m. · 1 view

UBUNTU-CVE-2021-39927

Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443...

CVSS 4.3 · AI score 5.8 · EPSS 0.00143
Exploits 0 · References 3

Positive Technologies
added 2022/01/18 12:00 a.m. · 2 views

PT-2022-11089 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.4 through 14.4.4; GitLab CE/EE versions 14.5.0 through 14.5.2; GitLab CE/EE versions 14.6.0 through 14.6.1. Description: The issue concerns a server-side request forgery protection failure in GitLab CE/EE. This failure...

CVSS 4.3 · AI score 4.2 · EPSS 0.00143
Exploits 0 · References 10

Huntr
added 2021/12/20 11:47 a.m. · 144 views

Server-Side Request Forgery (SSRF) in janeczku/calibre-web

Title: Blind SSRF via URL fetch. Summary: calibre-web allows external URL fetching in order to upload a book cover. However, instead of an external URL it is possible to point to localhost, which will be reached, resulting in blind SSRF. Steps to reproduce: 1. As an admin, give permissions to upload...

CVSS 7.5 · AI score 7.9 · EPSS 0.00245
Exploits 1 · References 1

OSV
added 2021/10/12 6:41 p.m. · 18 views

GHSA-284F-F2HW-J2GX Server-Side Request Forgery vulnerability in concrete5

A Server-Side Request Forgery vulnerability was found in concrete5 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed...

CVSS 8.2 · AI score 8.9 · EPSS 0.00396
Exploits 0 · References 5

Github Security Blog
added 2021/10/12 6:41 p.m. · 34 views

Server-Side Request Forgery vulnerability in concrete5

A Server-Side Request Forgery vulnerability was found in concrete5 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed...

CVSS 9.8 · AI score 3.1 · EPSS 0.00396
Exploits 0 · References 5 · Affected software 1

NVD
added 2021/10/07 2:15 p.m. · 11 views

CVE-2021-22958

A Server-Side Request Forgery vulnerability was found in concrete5 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed. CVSSv2.0...

CVSS 9.8 · EPSS 0.00396
Exploits 0 · References 2

OSV
added 2021/10/07 2:15 p.m. · 1 view

CVE-2021-22958

A Server-Side Request Forgery vulnerability was found in concrete5 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed. CVSSv2.0...

CVSS 9.8 · AI score 6.5
Exploits 0 · References 2

Prion
added 2021/10/07 2:15 p.m. · 12 views

Server-side request forgery (SSRF)

A Server-Side Request Forgery vulnerability was found in concrete5 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed. CVSSv2.0...

CVSS 7.5 · AI score 8.9 · EPSS 0.00396
Exploits 0 · References 2 · Affected software 1

Cvelist
added 2021/10/07 1:35 p.m. · 13 views

CVE-2021-22958

A Server-Side Request Forgery vulnerability was found in concrete5 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed. CVSSv2.0...

AI score 9.2 · EPSS 0.00396
Exploits 0 · References 2
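The concrete5 entries above describe a decimal-notation IP address slipping past a localhost restriction, the GitLab entries a protection that failed for localhost on a port other than the one the application was configured for, and the Kubernetes entry a block on link-local and localhost targets. The following is an added example written for this listing, not code from concrete5, GitLab, Kubernetes or any other project it lists. It puts a string-matching, port-coupled check of the kind those notations defeat next to one that canonicalises the host to an address first (decimal, octal, hex and shortened inet_aton forms, IPv4-mapped IPv6, and every address a name resolves to) and decides on the address regardless of port. The FAKE_DNS table and the naive check are constructed for the example.

```python
"""SSRF destination check, added here as an illustration. This is not code
from concrete5, GitLab, Kubernetes or any other project listed above; the
DNS table and the naive check are constructed for the example."""
from typing import Callable, Dict, List, Optional, Union
from urllib.parse import urlsplit
import ipaddress

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed stand-in for DNS so the example runs offline.
FAKE_DNS: Dict[str, List[str]] = {
    "example.com": ["93.184.216.34"],
    "internal.test": ["10.0.0.5"],
}


def fake_resolve(name: str) -> List[str]:
    return FAKE_DNS.get(name, [])


LOCAL_NAMES = {"localhost", "127.0.0.1", "::1"}


def naive_is_blocked(url: str, own_port: int = 443) -> bool:
    """Weak pattern: string-match the host and couple the decision to the
    port the application itself listens on. '2130706433' is not in the set,
    and 127.0.0.1 on any port other than own_port is waved through."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return host in LOCAL_NAMES and port == own_port


def parse_inet_aton(host: str) -> Optional[ipaddress.IPv4Address]:
    """Parse the legacy inet_aton(3) forms a.b.c.d, a.b.c, a.b and a, with
    decimal, 0-prefixed octal and 0x-prefixed hex parts. The last part fills
    all remaining low-order bytes, so '127.1' and '2130706433' are 127.0.0.1."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = []
    for p in parts:
        try:
            if p[:2].lower() == "0x":
                values.append(int(p[2:], 16))
            elif len(p) > 1 and p[0] == "0":
                values.append(int(p, 8))
            else:
                values.append(int(p, 10))
        except ValueError:
            return None
    *lead, last = values
    last_bits = 8 * (5 - len(values))
    if any(not 0 <= v <= 0xFF for v in lead) or not 0 <= last < (1 << last_bits):
        return None
    n = 0
    for v in lead:
        n = (n << 8) | v
    return ipaddress.IPv4Address((n << last_bits) | last)


def canonical_addresses(host: str, resolve: Callable[[str], List[str]]) -> List[IPAddress]:
    """Every address a connection to `host` could actually reach."""
    if ":" in host:  # IPv6 literal; urlsplit has already stripped the brackets
        try:
            v6 = ipaddress.IPv6Address(host)
        except ValueError:
            return []
        mapped = v6.ipv4_mapped  # ::ffff:7f00:1 is really 127.0.0.1
        return [mapped if mapped is not None else v6]
    v4 = parse_inet_aton(host)
    if v4 is not None:
        return [v4]
    # A real name: vet every record it resolves to, then connect to the vetted
    # address rather than the name so a DNS-rebinding answer cannot swap it.
    return [ipaddress.ip_address(a) for a in resolve(host)]


def is_local_destination(addr: IPAddress) -> bool:
    return addr.is_loopback or addr.is_link_local or addr.is_private or addr.is_unspecified


def hardened_is_blocked(url: str, resolve: Callable[[str], List[str]] = fake_resolve) -> bool:
    """Decide on the address the request would reach, on any port."""
    host = (urlsplit(url).hostname or "").lower()
    if not host or host == "localhost" or host.endswith(".localhost"):
        return True
    addrs = canonical_addresses(host, resolve)
    if not addrs:
        return True  # unparsable or unresolvable: fail closed
    return any(is_local_destination(a) for a in addrs)


if __name__ == "__main__":
    for u in ("http://127.0.0.1:8080/", "http://2130706433/", "http://0x7f000001/",
              "http://0177.0.0.1/", "http://[::ffff:127.0.0.1]/", "http://example.com/"):
        print(f"{u:32} naive={naive_is_blocked(u)!s:5} hardened={hardened_is_blocked(u)}")
```

In production the `resolve` argument would be a real resolver (every A and AAAA record, not just the first), and the HTTP client must then be pointed at the vetted address with the original Host header, since re-resolving the name at connect time reopens the rebinding window. Redirect targets need the same check on every hop.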
OSV
added 2021/10/01 3:15 a.m. · 18 views

CVE-2021-3626

The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation...

CVSS 8.8 · AI score 6.7
Exploits 0 · References 1

Cvelist
added 2021/10/01 2:35 a.m. · 15 views

CVE-2021-3626 Windows version of Multipass unauthenticated localhost tcp control socket can perform mounts

The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation...

CVSS 8.8 · AI score 8.8 · EPSS 0.00047
Exploits 0 · References 1

Positive Technologies
added 2021/10/01 12:00 a.m. · 3 views

PT-2021-21192 · Canonical · Multipass

Name of the Vulnerable Software and Affected Versions: Multipass versions prior to 1.7.0. Description: The issue allows any local process to connect to the localhost TCP control socket, enabling mounts from the operating system to a guest. This can lead to privilege escalation. Recommendations: Fo...

CVSS 8.8 · AI score 8.5 · EPSS 0.00047
Exploits 0 · References 3

OSV
added 2021/09/23 8:15 p.m. · 1 view

DEBIAN-CVE-2021-41088

Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0, Elvish's web UI backend, started by elvish -web, hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a...

CVSS 8.8 · AI score 8.3 · EPSS 0.00245
Exploits 0 · References 1
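The Elvish entry above describes a loopback-bound web UI whose code-executing endpoint does not check where a request came from, which is exactly what a page on any other site can exploit through the user's browser (cross-site request, or DNS rebinding so that the attacker's hostname points at 127.0.0.1). The following is an added example, not Elvish's code, of the two header checks such an endpoint needs before it acts on a request: the Host header must name this UI on its own port, and the Origin header must name it too. The header dictionaries are constructed for the example.

```python
"""Host/Origin gate for a loopback-bound web UI, added as an illustration.
Not Elvish's code; the request headers below are constructed."""
from typing import Mapping, Set

LOOPBACK_HOSTS = ("localhost", "127.0.0.1", "[::1]")


def expected_hosts(port: int) -> Set[str]:
    """Values of Host (and the host part of Origin) that denote this UI.
    Browsers omit the default port, so on port 80 accept both spellings."""
    hosts = {f"{h}:{port}" for h in LOOPBACK_HOSTS}
    if port == 80:
        hosts |= set(LOOPBACK_HOSTS)
    return hosts


def request_allowed(headers: Mapping[str, str], port: int) -> bool:
    """Admit a request to the code-executing endpoint only if:
    - Host names this UI: a browser fills Host from the URL it loaded, so a
      DNS-rebinding page at attacker.example arrives as Host: attacker.example
      and is rejected even though the TCP peer is 127.0.0.1;
    - Origin names this UI: a cross-site page's POST carries its own origin,
      so a CSRF attempt from http://evil.example is rejected."""
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    allowed = expected_hosts(port)
    if lowered.get("host", "").lower() not in allowed:
        return False
    origin = lowered.get("origin")
    if origin is None:
        return False  # the UI's own script always sends Origin on its POSTs
    scheme, sep, origin_host = origin.lower().partition("://")
    # "null" and other opaque origins fail here: no "://" to split on.
    return sep == "://" and scheme == "http" and origin_host in allowed


if __name__ == "__main__":
    # Constructed requests: the UI's own call, a rebinding page, a CSRF page.
    for name, hdrs in (
        ("own ui", {"Host": "localhost:3000", "Origin": "http://localhost:3000"}),
        ("rebinding", {"Host": "attacker.example:3000", "Origin": "http://attacker.example:3000"}),
        ("csrf", {"Host": "localhost:3000", "Origin": "http://evil.example"}),
    ):
        print(f"{name:10} allowed={request_allowed(hdrs, 3000)}")
```

Binding to 127.0.0.1 is not a substitute for these checks, because the browser of the logged-in user sits on the same host and will happily carry a third party's request to it. A per-launch random token that the UI's script must echo in a header is the stronger complement, since it also covers clients that are not browsers.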