11 matches found
CVE-2026-45577 Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass
Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolv...
EUVD-2020-26235
Malware in sbrugna...
AZL-53507 CVE-2024-50264 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans. During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved ...
GSD-2022-1006296 rose: check NULL rose_loopback_neigh->loopback
rose: check NULL rose_loopback_neigh->loopback. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.327 by commit...
PT-2022-23048 · Loopback +1
Name of the Vulnerable Software and Affected Versions: LoopBack versions prior to 5.5.1 Description: Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. When the extended filter property contains is permitted to be interpreted by the Postgres connector...
IBM Loopback Injection Vulnerability
IBM Loopback is a U.S. IBM NodeJs-based API framework. The framework can support NodeJs applications and most major databases, iOS, Android and other devices, data sources, configuration sources to interact. Loopback version 8.0.0 suffers from an injection vulnerability that allows an attacke...
CVE-2020-4988
Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706...
@cc_server/api (>=1.4.0 <=1.7.0), agneta-platform (>=0.13.0-beta.1 <=0.13.0-beta.9) +7 more potentially affected by unknown CVE via loopback (>=3.11.1 <=3.23.0)
loopback NPM version =3.11.1, =1.4.0, =0.13.0-beta.1, =0.0.5, =0.0.39 Source cves: unknown CVE Source advisory: OSV:GHSA-724C-6VRF-99RQ...
kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service
A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions...
Unauthorized Access
loopback is vulnerable to unauthorized access. If an admin instance and a customer instance share the same user id and password, the customer instance can change the password of the admin instance using their regular access token...
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - land.c loopback Denial of Service (1)
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - land.c loopback Denial of Service (1). Source: https://www.securityfocus.com/bid/2666/info A number of TCP/IP stacks are vulnerable to a "loopback" condition initiated by sending a TCP SYN packet with the source address and...