SSRF Check 安全漏洞

SSRF Check is a check string developed by Felippe Regazio to detect whether it contains potential SSRF attacks. Versions of SSRF Check prior to 1.3.0 have security vulnerabilities; these vulnerabilities stem from the inability to prevent server-side request forgery attacks that map IPv4 addresses...

CVE-2026-39575

CVE-2026-39575 affects the WordPress plugin “Custom Query Blocks” (Ronald Huereca) for the post-type-archive-mapping feature, with DOM-based XSS caused by improper neutralization of input during web page generation. Affected versions are

Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect

Summary Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not escaped, an attacker who can supply X-Accel-Mapping to the backend can inject regex...

doge_dns (>=0.2.4-beta <=1.0.2), rev-up-your-harley (>=0.1.0 <=1.0.1) +4 more potentially affected by unknown CVE via unic-idna-mapping (>=0.4.0 <=0.9.0)

unic-idna-mapping CARGO version =0.4.0, =0.2.4-beta, =0.1.0, =0.1.0, =0.5.0, =0.7.0, =0.4.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0097...

Linux Distros Unpatched Vulnerability : CVE-2022-2590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write COW breakage of private read-only shared memory mappings. Th...

golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

A flaw was found in the Go language standard library net/netip. The method Is IsPrivate, IsPublic, etc doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to...

CVE-2025-0285

Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation exploits...

CVE-2024-57967

CVE-2024-57967 affects CyberArk Privileged Access Manager Self-Hosted (PVWA) prior to version 14.4. The issue, described across multiple sources, is a potential elevation of privileges linked to LDAP mapping within PVWA, with a CVSSv3.1 base score of 4.2 (Medium) and a network attack vector (high...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on exfatgetdentryset CVE-2024-42315 In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev-desc-info instead of calling i3cdevicegetinfo to avoid deadlock...

CVE-2021-47064

In the Linux kernel, the following vulnerability has been resolved: mt76: fix potential DMA mapping leak With buf uninitialized in mt76dmatxqueueskbraw, its field skipunmap could potentially inherit a non-zero value from stack garbage. If this happens, it will cause DMA mappings for MCU command...

undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass

A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass...

CVE-2020-12138

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM...

SUSE-SU-2016:1038-1 Security update for Linux Kernel Live Patch 6

This update for the Linux Kernel 3.12.44-52.10.1 fixes the following issues: - CVE-2016-2384: A malicious USB device could cause a kernel crash in the alsa usb-audio driver. bsc967773 - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kerne...