182 matches found
CVE-2026-45087 Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...
CVE-2026-45087 Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...
CVE-2026-45087
Dalfox (server mode) prior to v2.13.0 is vulnerable to unauthenticated remote code execution. When running dalfox server with default 0.0.0.0:6664 and no API key, POST /scan deserializes attacker-controlled options (FoundAction and FoundActionShell) into scan config, then shell commands are execu...
CVE-2026-45089 Dalfox: Unauthenticated Arbitrary File Create/Append via `output` Option in Dalfox Server Mode
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then propagated...
EUVD-2026-32614
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then propagated...
CVE-2026-45089
Dalfox AOSS (CVE-2026-45089) allows unauthenticated arbitrary file creation/append when running in REST server mode. Before v2.13.0, the API accepts attacker-controlled OutputFile, OutputAll, and Debug in model.Options; the logger writes to the attacker-specified path via os.OpenFile with O_APPEN...
CVE-2026-45089 Dalfox: Unauthenticated Arbitrary File Create/Append via `output` Option in Dalfox Server Mode
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then propagated...
CVE-2026-45090 Dalfox: Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode)
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...
CVE-2026-45090 Dalfox: Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode)
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...
CVE-2026-45090
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...
CVE-2026-45090
Dalfox (CVE-2026-45090) suffers a channel lifecycle bug in ParameterAnalysis.go: two sequential worker stages share a single results channel, which is closed after the first stage and then reused by the second stage for POST-body parameters. When a parameter is reflected, the second-stage writer ...
EUVD-2026-32613
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...
Race Condition
Overview Affected versions of this package are vulnerable to Race Condition via the ParameterAnalysis process in server mode. An attacker can cause the application to crash or become unresponsive by sending crafted requests that trigger a closed-channel write. Remediation Upgrade...
Race Condition
Overview Affected versions of this package are vulnerable to Race Condition via the ParameterAnalysis process in server mode. An attacker can cause the application to crash or become unresponsive by sending crafted requests that trigger a closed-channel write. Remediation Upgrade...
Astra Linux – Vulnerability in NTP
In NTP versions prior to 4.2.8p14 and 4.3.x before 4.3.100, ntpd allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address. This occurs because transmissions are rescheduled even when a packet lacks a valid origin timestamp...
CVE-2026-47358
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...
CVE-2026-47357
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the remoteurl parameter in the remote directory scan endpoint POST /v1/iac/iacVersion/cloud/remote/dir/scan when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL...
EUVD-2026-30956
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...
CVE-2026-47358
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...
CVE-2026-47358
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...