Lucene search
K

1906 matches found

Cvelist
Cvelist
added 2026/06/11 2:47 p.m.28 views

CVE-2026-3341 IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services

IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4CVSS0.00138EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 2:47 p.m.36 views

CVE-2026-3341

CVE-2026-3341 affects IBM Langflow Desktop 1.0.0–1.9.2. The root cause is a TOCTOU DNS rebinding flaw in SSRF protection: validate_url_for_ssrf() uses socket.getaddrinfo(), while httpx.AsyncClient() conducts a separate DNS lookup during connection, allowing an attacker-controlled DNS domain with ...

5.4CVSS5.5AI score0.00138EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.16 views

PT-2026-48732

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...

7.4CVSS5.5AI score0.00265EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 6:37 p.m.12 views

Security Bulletin: IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services

Summary A Time-of-Check to Time-of-Use TOCTOU vulnerability in IBM Langflow Desktop's SSRF protection allows authenticated attackers to bypass internal network access restrictions using DNS rebinding attacks. The validateurlforssrf function validates URLs using socket.getaddrinfo, but...

5.4CVSS5.6AI score0.00138EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 1:55 p.m.8 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Insecure Default Initialization of Resource CVE-2025-66414

Summary MCP TypeScript SDK is used by the IBM Datapower Operations Dashboard to implement the Model Context Protocol MCP using Node.js Vulnerability Details CVEID:CVE-2025-66414 DESCRIPTION: MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to...

8.7CVSS5.5AI score0.00463EPSS
Exploits1Affected Software1
GithubExploit
GithubExploit
added 2026/06/07 9:4 a.m.109 views

glitchtip-dns-rebinding-gap-poc

GlitchTip DNS rebinding gap PoC This PoC models the DNS rebin...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-36604

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability Access-Control-Allow-Origin: to...

6.5CVSS5.5AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.9 views

CVE-2026-33659

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery SSRF via a DNS rebinding TOCTOU condition. Host validation uses dnsgetrecord but the actual HTTP...

3.5CVSS6.2AI score0.00333EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.12 views

CVE-2026-1089

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...

6.5CVSS5.5AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-45619

WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL for DNS pinning via CURLOPTRESOLVE, opening DNS-rebinding TOCTOU...

6.5CVSS5.4AI score0.00136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.13 views

CVE-2026-42194

Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetchmetadata.php validates the resolved IP address but passes the original hostname-based URL to curlinit, leaving a DNS rebinding TOCTOU window that allows redirecting requests to...

6.8CVSS5.3AI score0.00236EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-41688

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname but passes the original hostname to cURL without CURLOPTRESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DNS...

7.7CVSS5.5AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-41272

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers secureAxiosRequest and secureFetch intended to prevent Server-Side Request Forgery SSRF contain multiple logic flaws. These flaws allow attackers to bypass the...

7.1CVSS7.1AI score0.00232EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-9739

Vulnerable to DNS rebinding attacks when using SSE http://b/499408790. During the beta phase, we implemented allowed-origins and allowed-hosts flags to align with MCP security guidelines. However, the hardcoded Access-Control-Allow-Origin: header in the SSE initialization handler was inadvertentl...

9.4CVSS5.5AI score0.00279EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.10 views

CVE-2026-35568

MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that is either local, o...

7.6CVSS5.4AI score0.00136EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/05 4:19 p.m.16 views

NocoDB: Server-Side Request Forgery via Database Connection Host

Summary The connection-test endpoint opened a raw TCP socket to the user-supplied database host without resolving and range-checking the destination, so private and link-local addresses including IPv4-mapped IPv6 forms and localhost reached the driver. Details A new validateDbConnectionHost helpe...

5.3CVSS5.5AI score0.00207EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/03 6:16 p.m.15 views

CVE-2026-36604

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability Access-Control-Allow-Origin: to...

6.5CVSS0.00254EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 12:0 a.m.15 views

CVE-2026-36604

Mercusys AC12G (EU) V1 router vulnerable to DNS rebinding due to HTTP Host header validation failure in firmware AC12G(EU)_V1_200909. An external attacker could rebound a domain to the router’s internal IP, taking advantage of an existing CORS wildcard weakness (Access-Control-Allow-Origin: *). C...

6.5CVSS5.8AI score0.00254EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/03 12:0 a.m.39 views

CVE-2026-36604

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability Access-Control-Allow-Origin: to...

0.00254EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.14 views

PT-2026-45992

Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability Access-Control-Allow-Origin: to...

5.8AI score0.00254EPSS
Exploits0References2
Rows per page
Query Builder