Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/05/08 10:11 p.m.36 views

CVE-2026-42345 FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

7.7CVSS0.00213EPSS
Exploits0References1
OSV
OSV
added 2026/03/12 1:46 p.m.9 views

OPENSUSE-SU-2026:20350-1 Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation bypas...

9.1CVSS5.8AI score0.00498EPSS
Exploits0References7
OSV
OSV
added 2020/04/21 5:15 p.m.3 views

UBUNTU-CVE-2020-1757

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an...

8.1CVSS7.2AI score0.01571EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2003/06/10 12:0 a.m.14 views

PT-2003-1047 · Openssh +1 · Openssh +1

Name of the Vulnerable Software and Affected Versions: OpenSSH versions 3.6.1 and earlier Description: The issue allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address, when...

10CVSS8.2AI score0.99506EPSS
Exploits207References352
Rows per page
Query Builder