CVE-2026-43929 ssrfcheck: Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs
ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address e.g. http://::ffff:127.0.0.1/. The WHATWG URL parser bui...
EUVD-2025-22851
ssrfcheck: SSRF Bypass Caused by Failure to Classify Reserved IP Address Space as Invalid...
GHSA-C2FV-2FMJ-9XRX Duplicate Advisory: ssrfcheck has Incomplete IP Address Deny List that leads to Server-Side Request Forgery Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-p4hc-9pjh-55c8. This link is maintained to preserve external references. Original Description Versions of the package ssrfcheck below 1.2.0 are vulnerable to Server-Side Request Forgery SSRF due to an incomplete...
CVE-2025-8267
Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery SSRF due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 Multicast as invalid. This oversight allows attackers to craf...
CVE-2025-8267
CVE-2025-8267 affects the Python/JS package ssrfcheck prior to 1.2.0, with an incomplete IP denylist failing to classify 224.0.0.0/4 (Multicast) as invalid. This enables SSRF against multicast addresses via crafted requests. Public references from Red Hat, HTC OSV, GHSA, NVD, and PT-2025-31048 co...
PT-2025-31048
Name of the Vulnerable Software and Affected Versions ssrfcheck versions prior to 1.2.0 Description The package is vulnerable to Server-Side Request Forgery SSRF due to an incomplete denylist of IP address ranges. The package fails to classify the reserved IP address space 224.0.0.0/4 Multicast a...