
21 matches found

Github Security Blog
added 2026/05/29 8:21 p.m., 19 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

Summary: CC-Tweaked's HTTP API (http.request, http.websocket) blocks requests to private network ranges to prevent server-side request forgery (SSRF). This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses (64:ff9b::/96). An attacker who can execute Lua code can...

6 AI score
Exploits: 0, References: 2, Affected Software: 8
Positive Technologies
added 2026/05/29 12:0 a.m., 5 views

PT-2026-45067

Summary: CC-Tweaked's HTTP API (http.request, http.websocket) blocks requests to private network ranges to prevent server-side request forgery (SSRF). This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses (64:ff9b::/96). An attacker who can execute Lua code can...

7.1 CVSS, 6 AI score
Exploits: 0, References: 3
GitLab Advisory Database
added 2026/05/29 12:0 a.m., 9 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API (http.request, http.websocket) blocks requests to private network ranges to prevent server-side request forgery (SSRF). This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses (64:ff9b::/96). An attacker who can execute Lua code can reach an...

5.9 AI score
Exploits: 0, References: 3
GitLab Advisory Database
added 2026/05/29 12:0 a.m., 9 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API (http.request, http.websocket) blocks requests to private network ranges to prevent server-side request forgery (SSRF). This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses (64:ff9b::/96). An attacker who can execute Lua code can reach an...

5.9 AI score
Exploits: 0, References: 3
GitLab Advisory Database
added 2026/05/29 12:0 a.m., 10 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API (http.request, http.websocket) blocks requests to private network ranges to prevent server-side request forgery (SSRF). This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses (64:ff9b::/96). An attacker who can execute Lua code can reach an...

5.9 AI score
Exploits: 0, References: 3
GitLab Advisory Database
added 2026/05/29 12:0 a.m., 9 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API (http.request, http.websocket) blocks requests to private network ranges to prevent server-side request forgery (SSRF). This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses (64:ff9b::/96). An attacker who can execute Lua code can reach an...

5.9 AI score
Exploits: 0, References: 3
Circl
added 2026/05/18 10:28 p.m., 6 views

CVE-2026-47695

creationtimestamp | type | source
---|---|---
2026-05-18 22:28:24+00:00 | published-proof-of-concept | https://github.com/cc-tweaked/CC-Tweaked/security/advisories/GHSA-5jh9-2h63-pw4q...

5.8 AI score
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-41180

Malicious code in bioql PyPI...

9.6 CVSS, 8.6 AI score, 0.0045 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2025/05/23 4:3 a.m., 8 views

CVE-2023-37262

CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular cloud hosting...

9.6 CVSS, 6.9 AI score, 0.0045 EPSS
Exploits: 0, References: 1
OSV
added 2023/07/07 8:17 p.m., 26 views

CVE-2023-37262 CC: Tweaked SSRF to Cloud Services Metadata Services not Blocked by Default

CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular cloud hosting...

9.6 CVSS, 8.6 AI score, 0.0045 EPSS
Exploits: 0, References: 7
CVE
added 2023/07/07 8:17 p.m., 70 views

CVE-2023-37262

CC: Tweaked (Minecraft mod) contains an SSRF vulnerability where, before fixes, metadata service endpoints on cloud providers (AWS, GCP, Azure) were not blocked by default when the plugin runs on affected servers. This allowed any player to access sensitive information from cloud metadata service...

9.6 CVSS, 9.2 AI score, 0.0045 EPSS
Exploits: 0, References: 5, Affected Software: 1
CNNVD
added 2023/07/07 12:0 a.m., 1 views

Tweaked Code Issue Vulnerability

Minecraft My World is a Swedish sandbox game by Mojang. Tweaked suffers from a code issue vulnerability. Attackers use the vulnerability to gain access to sensitive information in order to elevate privileges...

9.6 CVSS, 8.1 AI score, 0.0045 EPSS
Exploits: 0, References: 6
seebug.org
added 2014/07/01 12:0 a.m., 15 views

Phpbb Tweaked <= 3 (phpbb_root_path) Remote Inclusion Vulnerability

No description provided by source. Phpbb Tweaked phpbb_root_path Remote File Include Exploit. Author: xoron xoron.biz - xoron.info. Code: include_once...

7.1 AI score
Exploits: 0
Prion
added 2007/02/03 1:28 a.m., 13 views

Remote file inclusion

PHP remote file inclusion vulnerability in includes/functions.php in Phpbb Tweaked 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...

7.5 CVSS, 8 AI score, 0.1218 EPSS
Exploits: 1, References: 7, Affected Software: 1
NVD
added 2007/02/03 1:28 a.m., 12 views

CVE-2007-0680

PHP remote file inclusion vulnerability in includes/functions.php in Phpbb Tweaked 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...

7.5 CVSS, 7.6 AI score, 0.1218 EPSS
Exploits: 1, References: 7
Cvelist
added 2007/02/03 1:0 a.m., 18 views

CVE-2007-0680

PHP remote file inclusion vulnerability in includes/functions.php in Phpbb Tweaked 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...

7.6 AI score, 0.1218 EPSS
Exploits: 1, References: 7
CVE
added 2007/02/03 1:0 a.m., 44 views

CVE-2007-0680

CVE-2007-0680 describes a PHP remote file inclusion in the file includes/functions.php of Phpbb Tweaked 3 and earlier. An attacker can supply a crafted URL to the parameter phpbb_root_path, causing the application to include remote PHP code and potentially execute arbitrary code on the server. ...

7.5 CVSS, 7.6 AI score, 0.1218 EPSS
Exploits: 1, References: 7, Affected Software: 1
securityvulns
added 2007/02/01 12:0 a.m., 32 views

Phpbb Tweaked (phpbb_root_path) Remote File Include Exploit

Phpbb Tweaked phpbb_root_path Remote File Include Exploit. Author: xoron xoron.biz - xoron.info. Code: include_once $phpbb_root_path...

0.4 AI score
Exploits: 0
Exploit DB
added 2007/01/31 12:0 a.m., 41 views

phpBB Tweaked 3 - 'phpbb_root_path' Remote File Inclusion

Phpbb Tweaked phpbb_root_path Remote File Include Exploit. Author: xoron xoron.biz - xoron.info. Code: include_once $phpbb_root_path...

7.4 AI score
Exploits: 0
exploitpack
added 2007/01/31 12:0 a.m., 13 views

phpBB Tweaked 3 - phpbb_root_path Remote File Inclusion

phpBB Tweaked 3 - phpbb_root_path Remote File Inclusion. Phpbb Tweaked phpbb_root_path Remote File Include Exploit. Author: xoron xoron.biz - xoron.info. Code:...

0.3 AI score
Exploits: 0