Lucene search
K

17 matches found

EUVD
EUVD
added 2026/03/16 3:30 p.m.6 views

EUVD-2026-12441

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals e.g., ::ffff:127.0.0.1.. Mattermost...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 3:30 p.m.3 views

GHSA-GQV7-J2J8-QMWQ Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals e.g., ::ffff:127.0.0.1.. Mattermost...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25758

Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.19 views

EUVD-2021-0751

Malware in sbrugna...

9.8CVSS9.3AI score0.02949EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7318

Malicious code in bioql PyPI...

9.1CVSS6.4AI score0.00365EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/07/30 5:27 a.m.10 views

CVE-2025-8267

Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery SSRF due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 Multicast as invalid. This oversight allows attackers to craf...

8.8CVSS6.5AI score0.00455EPSS
Exploits1References1
OSV
OSV
added 2025/07/28 6:30 a.m.6 views

GHSA-C2FV-2FMJ-9XRX Duplicate Advisory: ssrfcheck has Incomplete IP Address Deny List that leads to Server-Side Request Forgery Vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-p4hc-9pjh-55c8. This link is maintained to preserve external references. Original Description Versions of the package ssrfcheck below 1.2.0 are vulnerable to Server-Side Request Forgery SSRF due to an incomplete...

8.8CVSS5.7AI score0.00455EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/22 3:26 p.m.8 views

CVE-2020-28360

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...

9.8CVSS7.8AI score0.02949EPSS
Exploits0
OSV
OSV
added 2025/03/23 3:15 p.m.3 views

CVE-2025-2691

Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery SSRF where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism...

9.1CVSS5.8AI score0.00365EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/23 2:21 p.m.31 views

CVE-2025-2691

Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery SSRF where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism...

8.8CVSS0.00365EPSS
Exploits1References1
Hacker One
Hacker One
added 2022/11/27 8:42 p.m.72 views

Cloudflare Public Bug Bounty: Using special IPv4-mapped IPv6 addresses to bypass local IP ban

Vulnerability description not provided...

7.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2021/04/13 3:18 p.m.45 views

Server-Side Request Forgery in private-ip

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...

9.8CVSS9.4AI score0.02949EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/04/13 3:18 p.m.20 views

GHSA-43CH-2H55-2VJ7 Server-Side Request Forgery in private-ip

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...

9.8CVSS9.7AI score0.02949EPSS
Exploits0References5
OSV
OSV
added 2020/11/23 9:15 p.m.22 views

CVE-2020-28360

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...

9.8CVSS7.7AI score
Exploits0References2
Cvelist
Cvelist
added 2020/11/23 8:33 p.m.46 views

CVE-2020-28360

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...

9.8AI score0.02949EPSS
Exploits0References2
CVE
CVE
added 2020/11/23 8:33 p.m.56 views

CVE-2020-28360

CVE-2020-28360 describes an SSRF vulnerability in the npm package private-ip (versions 1.0.5 and earlier). The root cause is an insufficient RegEx filter for reserved IP ranges, allowing an attacker to craft requests to ARIN/other reserved ranges, which can lead to remote server-side resource req...

9.8CVSS9.7AI score0.02949EPSS
Exploits0References2Affected Software1
ThreatPost
ThreatPost
added 2015/11/09 2:50 p.m.10 views

Comodo, CAs Issue Forbidden Certificates

Certificate authority Comodo admits it incorrectly issued eight certificates that include forbidden internal server names or reserved IP addresses. In 2012, the Certificate Authority/Browser Forum banned the use of such designations for certs issued after Nov. 1, 2015. The decision was meant to c...

1.1AI score
Exploits0References3
Rows per page
Query Builder