Lucene search
+L

6 matches found

Snyk
Snyk
added 2026/07/10 12:29 a.m.4 views

Unsafe Dependency Resolution

Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution when the gh codespace jupyter process opens a JupyterLab URL supplied by a process inside a Codespace without validating that it is a loopback HTTP or HTTPS address. An attacker can execute arbitrary command...

4.4CVSS6.3AI score0.00198EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.11 views

PT-2026-57006

Name of the Vulnerable Software and Affected Versions GitHub CLI gh versions 2.10.0 through 2.95.0 Description Connecting to a malicious Codespace using the gh codespace jupyter command can lead to command execution. This occurs because the tool opens a JupyterLab URL provided by a process within...

4.4CVSS6.1AI score0.00198EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.21 views

PT-2026-38625

Name of the Vulnerable Software and Affected Versions python-utcp versions prior to 1.1.3 Description The utcp-http plugin is subject to a blind Server-Side Request Forgery SSRF, a flaw where an attacker can induce the server to make requests to an unintended location. This occurs due to a...

4.7CVSS5.8AI score0.00168EPSS
Exploits0References10
CVE
CVE
added 2026/04/29 6:35 p.m.20 views

CVE-2026-7422

CVE-2026-7422 affects FreeRTOS-Plus-TCP; insufficient packet validation in IPv4/IPv6 processing (before V4.2.6 and V4.4.1) allows an adjacent attacker to bypass checksum and minimum-size checks by spoofing the Ethernet source MAC to a local endpoint, since loopback-detection skips validation for ...

7.1CVSS5.3AI score0.00177EPSS
Exploits0References4Affected Software1
RustSec
RustSec
added 2026/04/29 12:0 p.m.7 views

DNS rebinding vulnerability in rmcp Streamable HTTP server transport

Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to send requests to an MCP server running on the victim's loopback or private-network interface. An attacker wh...

8.8CVSS5.8AI score0.00213EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/08 6:2 p.m.2 views

CVE-2026-34719 Zammad has a Server-side request forgery (SSRF) via webhooks

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a proper validation for loop back addresses, or link-local addresses — only the URL scheme HTTP/HTTPS as well as the hostname was checked. This could end up in retrieving...

8.3CVSS5.9AI score0.00244EPSS
Exploits0References3
Rows per page
Query Builder