Lucene search
K

5 matches found

Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-53450 Coturn: IPv4-mapped 127.0.0.1 bypasses default loopback peer protection

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rejects loopback peers by default unless allow-loopback-peers is enabled, but the default loopback guard can be bypassed by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 in a TURN...

7.4CVSS0.00287EPSS
Exploits0References2
CVE
CVE
added 2026/04/27 11:24 p.m.20 views

CVE-2026-41372

Technical details such as affected products, versions, root cause, and remediation are not publicly available in the provided documents. Monitor for updates from NVD, CVE lists, and vendor advisories.

6.9CVSS5.3AI score0.00251EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/07 6:15 p.m.11 views

OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections

Summary Before OpenClaw 2026.4.2, remote CDP discovery could return a trailing-dot localhost host such as localhost. and bypass OpenClaw's loopback-host normalization. That let a non-loopback remote CDP profile pivot the follow-up connection back onto localhost. Impact A hostile discovery respons...

6.9CVSS6AI score0.00251EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/02/25 4:4 a.m.4 views

EUVD-2026-8620

Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied-peer-ip" and/or default loopback restrictions. CVE-2020-26262 addressed bypasses involving "0.0.0.0", "::1" and "::", but IPv4-mapped IPv6 is not...

7.2CVSS5.5AI score0.01318EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2021/01/13 12:0 a.m.27 views

Debian DLA-2522-1 : coturn security update

A flaw was discovered in coturn, a TURN and STUN server for VoIP. By default coturn does not allow peers on the loopback addresses 127.x.x.x and ::1. A remote attacker can bypass the protection via a specially crafted request using a peer address of '0.0.0.0' and trick coturn in relaying to the...

7.2CVSS7.2AI score0.01318EPSS
Exploits3References4
Rows per page
Query Builder