Lucene search
K

12 matches found

OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5244 Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes in github.com/gotenberg/gotenberg

Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes in github.com/gotenberg/gotenberg...

5.8AI score0.00051EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-51096

Summary The remediation shipped in mailpit v1.29.2 for GHSA-mpf7-p9x7-96r3 CVE-2026-27808 is incomplete. The tools.IsInternalIP deny-list relies on Go's stdlib classification helpers IsLoopback, IsPrivate, IsLinkLocalUnicast, IsLinkLocalMulticast, IsUnspecified, IsMulticast plus an inline CGNAT...

5.8CVSS6AI score
Exploits0References4
OSV
OSV
added 2026/05/29 4:50 p.m.11 views

GHSA-86M8-88FQ-XFXP Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes

Summary IsPublicIP in pkg/gotenberg/outbound.go incorrectly classifies IPv6 6to4 / NAT64 / deprecated site-local addresses as public IPs, allowing an unauthenticated attacker to reach internal destinations e.g., cloud metadata services at 169.254.169.254 via a single crafted DNS AAAA record. This...

7.5CVSS5.9AI score0.00051EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-45014

Name of the Vulnerable Software and Affected Versions Gotenberg affected versions not specified Description An unauthenticated attacker can bypass the SSRF deny-list by using a crafted DNS AAAA record. The IsPublicIP function in pkg/gotenberg/outbound.go incorrectly classifies certain IPv6...

7.5CVSS5.9AI score0.00051EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/14 9:2 p.m.11 views

CVE-2026-44430 MCP Registry: Unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling...

6.3CVSS5.9AI score0.00285EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/14 9:2 p.m.40 views

CVE-2026-44430 MCP Registry: Unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling...

6.3CVSS0.00285EPSS
Exploits1References1
CVE
CVE
added 2026/05/14 9:2 p.m.44 views

CVE-2026-44430

CVE-2026-44430 affects the MCP Registry: unauthenticated SSRF via the HTTP namespace verification that dials attacker-controlled domains. The root cause is an allowlist that only covers classic IPv4-derived categories and a manual CGNAT range, while omitting IPv6 prefixes that embed IPv4—specific...

6.3CVSS5.9AI score0.00285EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/05/14 9:2 p.m.12 views

EUVD-2026-30488

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling...

6.3CVSS5.9AI score0.00285EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

MCP Registry 代码问题漏洞

MCP Registry is an open-source MCP server application store developed by Model Context Protocol. Versions of MCP Registry prior to 1.7.7 contained code vulnerabilities. These vulnerabilities stemmed from HTTP-based namespace verification, which used safeDialContext to dial private/internal...

6.3CVSS6AI score0.00285EPSS
Exploits1References1
OSV
OSV
added 2026/05/08 5:20 p.m.9 views

GHSA-R48C-V28R-PF6V MCP Registry has an unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist

Summary The Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling private/internal addresses when fetching the well-known public-key file from a publisher-supplied domain. The...

6.3CVSS5.9AI score0.00285EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/02/04 12:0 a.m.7 views

PT-2022-12383 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0u.6118 B20201102 Description: A stack overflow was discovered in the setIpv6Cfg function, allowing attackers to cause a Denial of Service DoS via the relay6to4 parameters. Recommendations: For TOTOLINK X5000R...

7.8CVSS7.6AI score0.01175EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2019/10/31 12:0 a.m.14 views

PT-2019-4882 · Xen +1 · Xen +1

Name of the Vulnerable Software and Affected Versions: Xen versions 4.6 through 4.12.x Description: The issue is related to incorrect error handling for a malformed format character in the hypercall initialise function of the Xen hypervisor. This can be exploited by a remote attacker to cause a...

9.8CVSS7.4AI score0.16658EPSS
Exploits4References182
Rows per page
Query Builder