20 matches found

Tenable Nessus
added 2026/04/30 12:0 a.m. | 0 views

Amazon Linux 2023 : perl-Net-CIDR-Lite (ALAS2023-2026-1624)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1624 advisory. Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. packipv6 does not check that uncompressed IPv6 addresses without :: have exact...

CVSS 7.5 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 6
Snyk
added 2026/03/27 6:17 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of request body size limits in unauthenticated HTTP endpoints. An attacker can exhaust server memory and cause process restarts by sending large or repeated HTTP...

CVSS 8.7 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 2
OSV
added 2026/03/10 6:28 p.m. | 0 views

GO-2026-4578 openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References in github.com/openshift/openshift-apiserver

openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References in github.com/openshift/openshift-apiserver...

CVSS 6.4 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 6
OSV
added 2025/12/16 3:30 p.m. | 1 views

GHSA-GXVV-45F6-3CH8 openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential Denial of Service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...

CVSS 8.5 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 6
Snyk
added 2025/12/16 3:30 p.m. | 1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the ImageStreamImport mechanism that handles user-supplied image references without proper IP address and network-range validation. An attacker can access internal network resources, enumerate service...

CVSS 8.5 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 2
Github Security Blog
added 2025/12/16 3:30 p.m. | 5 views

openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential Denial of Service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...

CVSS 6.4 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 6 | Affected Software: 1
Vulnrichment
added 2025/12/16 12:14 p.m. | 4 views

CVE-2025-14443 Ose-openshift-apiserver: openshift api server: server-side request forgery (ssrf) vulnerability in imagestreamimport mechanism

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...

CVSS 6.4 | AI score 6 | EPSS 0.00016
Exploits: 0 | References: 3
CNNVD
added 2025/12/16 12:0 a.m. | 1 views

Red Hat OpenShift Code Issue Vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. A code issue vulnerability exists in Red Hat OpenShift that stems from a lack of IP address and network range validation, which could...

CVSS 6.4 | AI score 6.9 | EPSS 0.00016
Exploits: 0 | References: 3
Positive Technologies
added 2025/12/16 12:0 a.m. | 5 views

PT-2025-51557

Name of the Vulnerable Software and Affected Versions ose-openshift-apiserver affected versions not specified Description A flaw exists in ose-openshift-apiserver that permits internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS). Thi...

CVSS 9.9 | AI score 6.9 | EPSS 0.07313
Exploits: 68 | References: 140
OSV
added 2021/08/26 3:15 p.m. | 2 views

CVE-2021-32076

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTT...

CVSS 5.3 | AI score 5.8 | EPSS 0.00485
Exploits: 0 | References: 2
Qualys Blog
added 2019/11/11 6:20 p.m. | 78 views

Qualys Cloud Platform 8.21.7 New Features

Update November 27, 2019: The features referenced in this blog post will be released in Qualys Cloud Platform release 8.22. Update November 19, 2019: The features referenced in this blog post will be released in the next Qualys Cloud Platform release scheduled for December 2019, and will be...

AI score 0.1
Exploits: 0
Kitploit
added 2019/06/20 10:22 p.m. | 238 views

URLextractor - Information Gathering and Website Reconnaissance

Information gathering & website reconnaissance Usage: ./extractor http://www.hackthissite.org/ Tips: Colorex: put colors to the output pip install colorex and use it like ./extractor http://www.hackthissite.org/ | colorex -g "INFO" -r "ALERT" Tldextract: is used by dnsenumeration function pip insta...

AI score 7.1
Exploits: 0 | References: 1
GithubExploit
added 2019/05/22 7:53 a.m. | 55 views

Exploit for Use After Free in Microsoft

cve-2019-0708-...

CVSS 10 | AI score 7.1 | EPSS 0.94454
Exploits: 123
NVD
added 2019/02/13 6:29 p.m. | 12 views

CVE-2019-5914

V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point...

CVSS 5.7 | AI score 5.2 | EPSS 0.00101
Exploits: 0 | References: 2
Prion
added 2019/02/13 6:29 p.m. | 11 views

Null pointer dereference

V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point...

CVSS 5.7 | AI score 5.1 | EPSS 0.00101
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2019/02/13 6:0 p.m. | 11 views

CVE-2019-5914

V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point...

AI score 5.2 | EPSS 0.00101
Exploits: 0 | References: 2
Kitploit
added 2018/01/25 1:15 p.m. | 14 views

Domain Analyzer - Analyze The Security Of Any Domain By Finding All the Information Possible

Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. How Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP...

AI score 6.4
Exploits: 0 | References: 1
Kitploit
added 2015/10/01 9:47 a.m. | 284 views

Heartbleed Vulnerability Scanner - Network Scanner for OpenSSL Memory Leak (CVE-2014-0160)

Heartbleed Vulnerability Scanner is a multiprotocol HTTP, IMAP, SMTP, POP CVE-2014-0160 scanning and automatic exploitation tool written with python. For scanning wide ranges automatically, you can provide a network range in CIDR notation and an output file to dump the memory of vulnerable system...

CVSS 7.5 | AI score 7.8 | EPSS 0.94464
Exploits: 86 | References: 1
securityvulns
added 2014/10/14 12:0 a.m. | 54 views

SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: BusinessObjects Explorer Vendor: SAP AG Subject: Potential information disclosure relating to SBOP Explorer Risk: Medium Effect: Remotely exploitable Author: Stefan Horlacher Date: 2014-10-10 SAP Security Note:...

AI score 0.1
Exploits: 0
The Hacker News
added 2010/12/18 1:38 a.m. | 9 views

Metasploit 3.5.1 adds Cisco device exploitation!

Metasploit now enables security professionals to exploit Cisco devices, performs passive reconnaissance through traffic analysis, provides more exploits and evaluates an organization's password security by brute forcing an ever increasing range of services. This latest release adds stealth...

AI score 7.2
Exploits: 0