79 matches found
Astra Linux – Vulnerability in Node.js
An OS command injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check. This vulnerability can be easily exploited, as the IsIPAddress function does not properly check whether an IP address is invalid before making DNS requests, thereby...
CVE-2026-1089
User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...
CVE-2026-31997
OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv0 tokens in system.run approvals, allowing post-approval executable rebind attacks. Attackers can modify PATH resolution after approval to execute a different binary than the operator approved, enabling...
CVE-2019-12443
An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by insufficient validation to prevent DNS rebinding attacks...
EUVD-2007-5256
Malware in sbrugna...
EUVD-2019-4052
Malware in sbrugna...
EUVD-2018-4669
Malware in sbrugna...
EUVD-2022-53416
Malicious code in bioql PyPI...
EUVD-2022-46545
Malicious code in bioql PyPI...
CVE-2017-7178
creationtimestamp | type | source
---|---|---
2025-06-03 14:00:00+00:00 | seen | https://github.blog/security/application-security/dns-rebinding-attacks-explained-the-lookup-is-coming-from-inside-the-house/
2026-02-11 08:11:05+00:00 | seen | ...
Alibaba Cloud Linux 3 : 0022: nodejs:14 (ALINUX3-SA-2021:0022)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0022 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-10531: An issue was discovered in...
Linux Distros Unpatched Vulnerability : CVE-2021-29462
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp libupnp appears to be...
Linux Distros Unpatched Vulnerability : CVE-2018-5740
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - deny-answer-aliases is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of...
Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Summary: Nuxt allows any website to send any request to the development server and read the response due to default CORS settings. Details: While Vite patched the default CORS settings to fix https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6, nuxt uses its own CORS handler by...
BIT-NODE-MIN-2022-43548
An OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks. Th...
CVE-2024-36471
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are...
BIT-NODE-2022-32212
An OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks...
BIT-NODE-2022-43548
An OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks. Th...
CVE-2023-41329
CVE-2023-41329 concerns WireMock’s proxy mode, where domain-name based restrictions are vulnerable to DNS rebinding. The root cause is a race condition: if a DNS server’s address expires between initial validation and the outbound request, an otherwise prohibited domain could be accessed. This re...
WireMock security vulnerability
WireMock is a popular open source tool for API simulation testing from WireMock Open Source. WireMock has a security vulnerability stemming from its exposure to DNS rebinding attacks...