CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-0556

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00236EPSS

Exploits0References6

RedhatCVE•added 2025/05/23 3:22 a.m.•4 views

CVE-2023-24623

Paranoidhttp before 0.3.0 allows SSRF because :: is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses...

7.5CVSS6.8AI score0.00236EPSS

Exploits0References1

OSV•added 2023/02/14 4:19 p.m.•15 views

GO-2023-1526 Server-side request forgery in github.com/hakobe/paranoidhttp

Paranoidhttp before is vulnerable to SSRF because :: is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses...

7.5CVSS7.4AI score0.00236EPSS

Exploits0References3

Veracode•added 2023/02/01 5:10 a.m.•28 views

Server-Side Request Forgery (SSRF)

github.com/hakobe/paranoidhttp is vulnerable to Server-Side Request Forgery. The vulnerability exists due to the ip.To4 parameter in the safeAddr function of client.go, as the library matches :: to the 127.0.0.1 address, but lacks filtering of private address, which allows a remote attacker to...

7.5CVSS7.2AI score0.00236EPSS

Exploits0References5Affected Software1

OSV•added 2023/01/30 6:30 a.m.•15 views

GHSA-V9MP-J8G7-2Q6M Paranoidhttp Server-Side Request Forgery vulnerability

Paranoidhttp before 0.3.0 allows SSRF because :: is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses...

7.5CVSS7.4AI score0.00236EPSS

Exploits0References6

Github Security Blog•added 2023/01/30 6:30 a.m.•16 views

Paranoidhttp Server-Side Request Forgery vulnerability

Paranoidhttp before 0.3.0 allows SSRF because :: is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses...

7.5CVSS7.3AI score0.00236EPSS

Exploits0References6Affected Software1

OSV•added 2023/01/30 5:15 a.m.•11 views

CVE-2023-24623

Paranoidhttp before 0.3.0 allows SSRF because :: is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses...

7.5CVSS7.5AI score

Exploits0References3

NVD•added 2023/01/30 5:15 a.m.•8 views

CVE-2023-24623

Paranoidhttp before 0.3.0 allows SSRF because :: is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses...

7.5CVSS7.5AI score0.00236EPSS

Exploits0References3

Prion•added 2023/01/30 5:15 a.m.•9 views

Design/Logic Flaw

Paranoidhttp before 0.3.0 allows SSRF because :: is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses...

5CVSS7.5AI score0.00236EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2023/01/30 12:0 a.m.•4 views

CVE-2023-24623

Paranoidhttp before 0.3.0 allows SSRF because :: is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses...

7.7AI score0.00236EPSS

Exploits0References3

CNNVD•added 2023/01/30 12:0 a.m.•1 views

Paranoidhttp 代码问题漏洞

Paranoidhttp is an application for hakobe individual developers. A pre-configured http.Client is provided. A security vulnerability exists in Paranoidhttp versions prior to 0.3.0. An attacker exploited the vulnerability to perform a server-side request forgery attack...

7.5CVSS7.3AI score0.00236EPSS

Exploits0References2

CVE•added 2023/01/30 12:0 a.m.•146 views

CVE-2023-24623

CVE-2023-24623 affects paranoidhttp before 0.3.0. The SSRF flaw arises because [::] is equivalent to 127.0.0.1 but the private-address filter is not applied, allowing unintended requests to internal resources. Public references in connected docs confirm the vulnerability and its description acros...

7.5CVSS7.4AI score0.00236EPSS

Exploits0References3Affected Software1