
31 matches found

RedhatCVE, added 2026/05/13 8:23 p.m., 6 views

CVE-2026-42175

requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features. Prior to , the SSRF protection in requests-hardened fails to block IP addresses within the RFC 6598 Shared Address Space 100.64.0.0/10. An attacker who can supply arbitrary...

CVSS 6.5 | AI score 5.9 | EPSS 0.00013 | Exploits 0 | References 1
NVD, added 2026/05/12 6:17 p.m., 8 views

CVE-2026-42175

requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features. Prior to , the SSRF protection in requests-hardened fails to block IP addresses within the RFC 6598 Shared Address Space 100.64.0.0/10. An attacker who can supply arbitrary...

CVSS 6.5 | EPSS 0.00013 | Exploits 0 | References 4
Vulnrichment, added 2026/05/12 5:52 p.m., 2 views

CVE-2026-42175 requests-hardened: Server-Side Request Forgery (SSRF) in requests-hardened RFC 6598

requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features. Prior to , the SSRF protection in requests-hardened fails to block IP addresses within the RFC 6598 Shared Address Space 100.64.0.0/10. An attacker who can supply arbitrary...

CVSS 6.5 | AI score 5.9 | EPSS 0.00013 | Exploits 0 | References 4
CVE, added 2026/05/12 5:52 p.m., 3 views

CVE-2026-42175

The CVE-2026-42175 entry concerns the requests-hardened library, whose SSRF protection failed to block addresses in RFC 6598 (100.64.0.0/10). Affected behavior: an attacker able to supply arbitrary URLs could reach internal services within 100.64.0.0/10 in environments using that CIDR (e.g., AWS ...

CVSS 6.5 | AI score 5.9 | EPSS 0.00013 | Exploits 0 | References 4
Cvelist, added 2026/05/12 5:52 p.m., 25 views

CVE-2026-42175 requests-hardened: Server-Side Request Forgery (SSRF) in requests-hardened RFC 6598

requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features. Prior to , the SSRF protection in requests-hardened fails to block IP addresses within the RFC 6598 Shared Address Space 100.64.0.0/10. An attacker who can supply arbitrary...

CVSS 6.5 | EPSS 0.00013 | Exploits 0 | References 4
CNNVD, added 2026/05/12 12:00 a.m., 5 views

requests-hardened code issue vulnerability

requests-hardened is a Python library developed by Saleor Commerce, aimed at enhancing the security of HTTP requests. requests-hardened has code vulnerabilities; these vulnerabilities stem from the lack of SSRF protection, which fails to prevent access to shared address spaces as defined in RFC...

CVSS 6.5 | AI score 5.9 | EPSS 0.00013 | Exploits 0 | References 2
OSV, added 2026/05/05 7:52 p.m., 2 views

GHSA-VH75-FWV3-PQRH requests-hardened is Vulnerable to Server-Side Request Forgery

The SSRF protection in requests-hardened prior to version 1.2.1 fails to block IP addresses within the RFC 6598 Shared Address Space 100.64.0.0/10. An attacker who can supply arbitrary URLs to requests-hardened could exploit this gap to access internal services hosted within 100.64.0.0/10. This i...

CVSS 6.5 | AI score 5.9 | EPSS 0.00013 | Exploits 0 | References 6
Github Security Blog, added 2026/05/05 7:52 p.m., 4 views

requests-hardened is Vulnerable to Server-Side Request Forgery

The SSRF protection in requests-hardened prior to version 1.2.1 fails to block IP addresses within the RFC 6598 Shared Address Space 100.64.0.0/10. An attacker who can supply arbitrary URLs to requests-hardened could exploit this gap to access internal services hosted within 100.64.0.0/10. This i...

CVSS 6.5 | AI score 5.9 | EPSS 0.00013 | Exploits 0 | References 6 | Affected Software 1
Positive Technologies, added 2026/05/05 12:00 a.m., 4 views

PT-2026-37250

Name of the Vulnerable Software and Affected Versions: requests-hardened versions prior to 1.2.1. Description: The Server-Side Request Forgery (SSRF) protection fails to block IP addresses within the RFC 6598 Shared Address Space 100.64.0.0/10. An attacker capable of supplying arbitrary URLs can explo...

CVSS 6.5 | AI score 5.9 | EPSS 0.00013 | Exploits 0 | References 7
OSV, added 2026/02/27 12:50 a.m., 1 view

CLEANSTART-2026-ZN32454 When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers

Multiple security vulnerabilities affect the nginx package. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. See references for individual vulnerabili...

CVSS 9.8 | AI score 5.8 | EPSS 0.944 | Exploits 43 | References 43
OSV, added 2026/02/18 12:40 a.m., 4 views

CLEANSTART-2026-ZT77083 When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers

Multiple security vulnerabilities affect the nginx package. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. See references for individual vulnerabili...

CVSS 9.8 | AI score 8.6 | EPSS 0.944 | Exploits 43 | References 43
OSV, added 2026/01/30 5:14 p.m., 1 view

CLEANSTART-2026-BA37192 When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers

Multiple security vulnerabilities affect the nginx package. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. See references for individual vulnerabili...

CVSS 9.8 | AI score 7.3 | EPSS 0.944 | Exploits 43 | References 43
OSV, added 2026/01/30 5:13 p.m., 1 view

CLEANSTART-2026-XB16901 When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers

Multiple security vulnerabilities affect the nginx package. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. See references for individual vulnerabili...

CVSS 9.8 | AI score 7.3 | EPSS 0.944 | Exploits 43 | References 43
RedhatCVE, added 2026/01/09 10:45 a.m., 6 views

CVE-2022-0249

A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked...

CVSS 9.1 | AI score 6.4 | EPSS 0.00233 | Exploits 1 | References 1
Vulnrichment, added 2025/12/31 9:52 p.m., 2 views

CVE-2025-69286 RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta assistant/agent share auth token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...

CVSS 9.3 | AI score 6.5 | EPSS 0.00084 | Exploits 1 | References 5
EUVD, added 2025/10/03 8:07 p.m., 1 view

EUVD-2022-15441

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 9 | EPSS 0.00233 | Exploits 1 | References 3
OSV, added 2025/04/01 8:28 a.m., 1 view

USN-7285-2 nginx vulnerability

USN-7285-1 fixed vulnerabilities in nginx. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that nginx incorrectly handled when multiple server blocks are configured to share the same IP address and port. An attacker could use this...

CVSS 5.3 | AI score 6.9 | EPSS 0.02857 | Exploits 0 | References 2
OSV, added 2025/02/14 12:13 p.m., 1 view

OESA-2025-1134 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication...

CVSS 5.3 | AI score 7.1 | EPSS 0.02857 | Exploits 0 | References 2
OSV, added 2025/02/05 6:15 p.m., 0 views

DEBIAN-CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3 | AI score 6.5 | EPSS 0.02857 | Exploits 0 | References 1
OSV, added 2024/03/06 11:16 a.m., 16 views

BIT-GITLAB-2022-0249

A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked...

CVSS 9.1 | AI score 8.9 | EPSS 0.00233 | Exploits 1 | References 4