GHSA-86M8-88FQ-XFXP Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes

Summary IsPublicIP in pkg/gotenberg/outbound.go incorrectly classifies IPv6 6to4 / NAT64 / deprecated site-local addresses as public IPs, allowing an unauthenticated attacker to reach internal destinations e.g., cloud metadata services at 169.254.169.254 via a single crafted DNS AAAA record. This...

CVE-2026-8369

Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 packets into the Thread mesh or bypass security checks via crafted IPv4 packets with options...

CVE-2026-24935 An improper certificate validation vulnerability was found in a third-party NAT traversal module.

A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle MitM attacker can intercept or redirect the NAT tunnel establishment. This could...

CVE-2025-53856

When a virtual server, network address translation NAT object, or secure network address translation SNAT object uses the embedded Packet Velocity Acceleration ePVA feature, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. To determine which BIG-IP platforms have...

CVE-2025-53856

CVE-2025-53856 (TMM ePVA DoS) : The vulnerability affects BIG-IP when the embedded ePVA feature is used by a NAT/SNAT/virtual server and the Auto Last Hop setting is disabled, allowing undisclosed traffic to terminate the Traffic Management Microkernel (TMM) and cause DoS. A remote, unauthenticat...

CVE-2025-7328

CVE-2025-7328 relates to Rockwell Automation Comms-1783-NATR, where multiple broken authentication vulnerabilities exist due to missing authentication checks on critical functions. The impact described across sources includes potential denial-of-service, admin account takeover, and NAT rule modif...

PT-2025-27967

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel can cause a kernel crash when a not-so-careful NAT46 BPF program indiscriminately flips ingress packets from IPv4 to IPv6. This issue occurs because...

CVE-2022-41806

In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization...

Contiki and Contiki-NG Buffer Error Vulnerabilities

Contiki is an open source cross-platform operating system for IoT Internet of Things devices.Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. Contiki-NG and Contiki suffer from a buffer error vulnerability that stems from a function...