NPM: ssrfcheck: SSRF Bypass Caused by Failure to Classify Reserved IP Address Space as Invalid
NPM: ssrfcheck: SSRF Bypass Caused by Failure to Classify Reserved IP Address Space as Invalid vulnerability discovered by ? in WordPress Npm ssrfcheck versions 1.2.0...
ssrfcheck: SSRF Bypass Caused by Failure to Classify Reserved IP Address Space as Invalid
SSRF Bypass in ssrfcheck - fails to classify reserved IP address space as invalid ssrfcheck is an npm package that serves to provide protection from SSRF by validating URLs or hostname inputs. Resources: Project's GitHub code repository: https://github.com/felippe-regazio/ssrfcheck Project's npm...
CVE-2026-32019
OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...
GO-2026-4746 Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation in github.com/mattermost/mattermost-server
Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals, e.g., ::ffff:127.0.0.1. Mattermost...
EUVD-2025-24979
Malicious code in bioql PyPI...
CVE-2025-9003 D-Link DIR-818LW DHCP Reserved Address bsc_lan.php cross site scripting
A vulnerability has been found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsc_lan.php of the component DHCP Reserved Address Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. This vulnerability on...
CVE-2024-26947 ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses
In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Since commit a4d5613c4dc6 "arm: extend pfn_valid to take into account freed memory map alignment" changes the semantics of pfn_valid to check presence of t...
Standard & Poors ComStock 4.2.4 Machine Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/1080/info Numerous vulnerabilities exist in the ComStock product, as sold by Standard & Poor's. ComStock is based on the RedHat 5.1 distribution, and contains many of the vulnerabilities found in the 5.1 distribution. In...