MindsDB -DNS Rebinding SSRF Protection Bypass

Detects DNS rebinding vulnerability that allows bypass of SSRF protection. The vulnerability exists in the URL validation mechanism where DNS resolution is performed without considering DNS rebinding attacks. id: CVE-2024-24759 info: name: MindsDB -DNS Rebinding SSRF Protection Bypass author: Lee...

Astra Linux – Vulnerability in Node.js

A OS command injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check. This vulnerability can be easily exploited, as the IsIPAddress function does not properly check whether an IP address is invalid before making DBS requests, thereby...

ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Components

Summary A Server-Side Request Forgery SSRF vulnerability was discovered in Zitadel affecting: HTTP Notification Channels: Used as an alternative to SMTP/Twilio configurations, sending payloads to user-defined URLs via HTTP POST webhooks. OIDC BackChannel Logout: Terminates sessions across differe...

CVE-2026-48764

TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard...

CVE-2026-48764 TypeBot has SSRF in HTTP request and script fetch flows via DNS rebinding bypass

TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard...

CVE-2026-48764

TypeBot suffers an SSRF in HTTP request and script fetch flows prior to version 3.17.2. The root cause is a time‑of‑check/time‑of‑use gap: the hostname is validated once against a forbidden range, but the subsequent request resolves the hostname again and may connect to a different IP, enabling D...

CVE-2026-53869

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling...

CVE-2026-53869

CVE-2026-53869 : Hermes Agent prior to 0.16.0 has a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. The FastAPI HTTP middleware is not executed for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events, ena...

PT-2026-50572

TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard...

PT-2026-50518

Name of the Vulnerable Software and Affected Versions Hermes Agent versions prior to 0.16.0 Description A DNS rebinding issue in WebSocket endpoints allows remote attackers to bypass Host and Origin validation. This occurs because FastAPI HTTP middleware does not execute for WebSocket upgrade...

CVE-2026-11624

The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new "--allowed-hosts" flag was introduced...

CVE-2026-11624

The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new "--allowed-hosts" flag was introduced...

CVE-2026-11624

The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new "--allowed-hosts" flag was introduced...

CVE-2026-11624

The CVE-2026-11624 entry concerns the Model Context Protocol server where origin validation of the Origin header affects DNS rebinding risk. Before v0.25.0 there was no host validation; v0.25.0 introduces --allowed-hosts and --allowed-origins flags to specify permitted hosts at startup. Both flag...

PT-2026-49089

Name of the Vulnerable Software and Affected Versions Model Context Protocol versions prior to 0.25.0 Description Servers fail to validate the "Origin" header on incoming connections, which may allow DNS rebinding attacks. DNS rebinding is a method of bypassing the Same-Origin Policy to interact...

Linux Distros Unpatched Vulnerability : CVE-2025-15104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nu Html Checker validator.nu contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal...

CVE-2026-53782

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...

CVE-2026-53782 Summarize < 0.17.0 SSRF via podcast:transcript URL fetch

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...

EUVD-2026-36308

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...

CVE-2026-53782 Summarize < 0.17.0 SSRF via podcast:transcript URL fetch

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...