
17 matches found

OSV
added 2026/06/12 9:31 p.m., 10 views

MAL-2026-5718 Malicious code in ect-472839-ctf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a67248cb7373817da18e0edf4a019e2e6c9ded239e93a2e477ac168f7f45eeaa package.json declares a preinstall hook "preinstall": "node index.js" that auto-executes on npm install. index.js issues an HTTP GET to the hardcoded...

6 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/06/12 9:31 p.m., 15 views

Malicious code in ect-654321 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec784a9a1926de8d2c18de41c996e69e10f7001bf9fdc7604edc22d5775b4540 ect-654321 contains only a package.json with a preinstall lifecycle hook that unconditionally executes wget...

5.4 AI score
Exploits: 0, References: 8
Cvelist
added 2026/04/09 3:43 p.m., 17 views

CVE-2026-39843 Plane has a Server-Side Request Forgery (SSRF) in Favicon Fetching

Plane is an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete, which could lead to the same full-read Server-Side Request Forgery when a normal HTML page contains a link tag with an href that redirects to a private IP address ...

7.7 CVSS, 0.00246 EPSS
Exploits: 1, References: 1
Snyk
added 2025/08/25 10:41 p.m., 2 views

Server-side Request Forgery (SSRF)

Overview: request-filtering-agent is an https.Agent implementation that blocks requests to private IP addresses. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the HTTPS request handling process. An attacker can access internal services by sending specially...

7.2 CVSS, 7 AI score, 0.00427 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/07/29 5:6 a.m., 5 views

CVE-2025-53081

An 'Arbitrary File Creation' in Samsung DMS (Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses...

6.4 CVSS, 6.6 AI score, 0.00386 EPSS
Exploits: 0, References: 1
Veracode
added 2025/05/13 10:12 a.m., 10 views

IP Filtering Bypass

@misskey-dev/summaly is vulnerable to IP Filtering Bypass. The vulnerability is due to improper validation of HTTP redirects, where private IP address checks are applied only to the HEAD response but not to the GET response, allowing redirection to private IPs...

7 AI score
Exploits: 0
Japan Vulnerability Notes
added 2024/02/07 6:39 a.m., 3 views

Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers

Overview: Office/Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple out-of-bounds write vulnerabilities (CWE-787, CVE-2023-6229, CVE-2023-6230, CVE-2023-6231, CVE-2023-6232, CVE-2023-6233, CVE-2023-6234, CVE-2024-0244). Canon Inc. reported these...

9.8 CVSS, 7.8 AI score, 0.01457 EPSS
Exploits: 0, References: 19
IBM Security Bulletins
added 2021/03/12 1:8 p.m., 10 views

Security Bulletin: Netcool Operations Insights - Private IP Address Disclosed

Summary: It was observed that the private IP address was disclosed in HTTP responses. Although various methods exist by which an attacker can determine the public IP addresses in use by an organization, the private addresses used internally cannot usually be determined in the same ways...

0.7 AI score
Exploits: 0, Affected Software: 1
Cvelist
added 2019/02/23 2:0 p.m., 14 views

CVE-2014-10079

In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash...

5.4 AI score, 0.08749 EPSS
Exploits: 5, References: 4
CNVD
added 2018/04/03 12:0 a.m., 3 views

Opera WebRTC Component Information Disclosure Vulnerability

Opera is a Norwegian Web browser developed by Opera Software, which supports multi-window browsing, customizable user interfaces, etc. The WebRTC component is one of the Web real-time communication components. A security vulnerability exists in the WebRTC component in Opera version 51.0.2830.55. ...

4.3 CVSS, 6.7 AI score, 0.03354 EPSS
Exploits: 0, References: 1
CNVD
added 2018/04/02 12:0 a.m., 5 views

DuckDuckGo Private IP Address Disclosure Vulnerability

DuckDuckGo is an extension for use in browsers. It is used to access the web anonymously. The WebRTC component is a component used in it to support real-time voice or video conversations in the browser. A security vulnerability exists in the WebRTC component in DuckDuckGo version 4.2.0. ...

4.3 CVSS, 6.8 AI score, 0.30144 EPSS
Exploits: 7, References: 1
NVD
added 2018/04/01 6:29 p.m., 25 views

CVE-2018-6849

In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information such as https://ip.voidsec.com, the browser can disclose a private IP address in a STUN request...

4.3 CVSS, 4.4 AI score, 0.30144 EPSS
Exploits: 7, References: 5
The Hacker News
added 2011/05/08 1:44 p.m., 7 views

India's leading IT companies TCS (Tata Consultancy Services) & Tech Mahindra is also not Secure !

India's leading IT companies TCS Tata Consultancy Services & Tech Mahindra is also not Secure ! Here are some proofs submitted to THN : The Hacker News by a Indian hacker - THEDREAMBOY , as shown below , which can easily prove that , YES ! India's leading IT companies TCS Tata Consultancy Service...

6.6 AI score
Exploits: 0
OpenVAS
added 2009/09/29 12:0 a.m., 19 views

Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness (971888)

This host has Microsoft DNS Devolution and is prone to Third-Level Domain Name Resolving Weakness. OpenVAS Vulnerability Test $Id: secpodmsdnsdevolutionresolvingweakness.nasl 5363 2017-02-20 13:07:22Z cfi $ Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness 971888 Authors...

7.2 AI score
Exploits: 0, References: 2
Tenable Nessus
added 2004/11/19 12:0 a.m., 378 views

Danware NetOp Host HELO Request Remote Information Disclosure

This plugin displays the basic name and address information provided by NetOp products for easy network browsing. Administrators should disable displaying this information if they don't want it to be visible. Note that leaked private IP addresses are only an issue if the NetOp product is listenin...

5 CVSS, 5.5 AI score, 0.02118 EPSS
Exploits: 0, References: 1
Cvelist
added 2000/04/25 4:0 a.m., 21 views

CVE-2000-0181

Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection...

6.7 AI score, 0.01575 EPSS
Exploits: 0, References: 3
NVD
added 2000/03/11 5:0 a.m., 16 views

CVE-2000-0181

Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection...

5 CVSS, 6.7 AI score, 0.01575 EPSS
Exploits: 0, References: 3