65 matches found
Astra Linux - уязвимость в linux
A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user with root or CAPNETADMIN when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected...
GHSA-8783-3WGF-JGGF Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints
Summary The authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint by appending a public endpoint path as a query paramete...
CVE-2026-40199
Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003938)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003938 advisory. A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user with root or CAPNETADMIN when inserting iptables rules...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001480)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001480 advisory. A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user with root or CAPNETADMIN when inserting iptables rules...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004449)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004449 advisory. A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user with root or CAPNETADMIN when inserting iptables rules...
CVE-2025-68949 n8n has a Webhook Node IP Whitelist Bypass via Partial String Matching
n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured...
EUVD-2026-2029
n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured...
CVE-2025-68949
n8n has a Webhook node IP whitelist bypass vulnerability (CVE-2025-68949). From 1.36.0 up to, but not including, 2.2.0, the Webhook node validated IPs by partial string matching rather than exact IP comparison. This could allow an incoming request from a non-whitelisted IP to be accepted if its a...
CVE-2025-68949 n8n has a Webhook Node IP Whitelist Bypass via Partial String Matching
n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured...
EUVD-2017-7781
Malware in sbrugna...
EUVD-2021-7634
Malicious code in bioql PyPI...
CVE-2020-27863
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 80...
CVE-2020-27866
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this...
CVE-2020-27865
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on T...
Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability
This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the allowPassThrough method. The issue results from incorrect string matching...
OESA-2023-1184 redis security update
Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets. Security Fixes: Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with...
CVE-2022-27642
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect...
Authentication flaw
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect...
CVE-2022-27642
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect...