Imgproxy < 3.27.2 - Server-Side Request Forgery (SSRF)

imgproxy contains an issue caused by not blocking the 0.0.0.0 address even when IMGPROXYALLOWLOOPBACKSOURCEADDRESSES is set to false, letting local services be exposed, exploit requires network access. id: CVE-2025-24354 info: name: Imgproxy 3.27.2 - Server-Side Request Forgery SSRF author:...

io.quarkus/quarkus-rest: Quarkus REST Worker Thread Exhaustion Vulnerability

A flaw was found in the Quarkus REST HTTP layer. This vulnerability allows remote attackers to cause an application level denial of service by repeatedly dropping client connections while response chunks are being transmitted, leading to worker thread exhaustion...

VulnCheck KEV: CVE-2025-24354

imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

EUVD-2025-0172

Malicious code in bioql PyPI...

CVE-2025-24354

imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

SUSE CVE-2025-24354

imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

CVE-2025-24354

imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

CVE-2025-24354

Imgproxy (affected version: prior to 3.27.2) is vulnerable to SSRF through the 0.0.0.0 address when IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES is false. The check only blocks loopback addresses (127.x.x.x) and does not consider 0.0.0.0, allowing access to local-host services. The issue is confirmed...

CVE-2025-24354 imgproxy is vulnerable to SSRF against 0.0.0.0

imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

SQLite Memory Corruption Vulnerability

SQLite is the United States D. Richard Hipp software developers of a set of C-based open source embedded relational database management system. The system is characterized by independence, isolation, cross-platform and so on. A security vulnerability exists in SQLite version 3.27.2. Currently the...

SQLite Memory Corruption Vulnerability (CNVD-2019-43407)

SQLite is the United States D. Richard Hipp software developers of a set of C-based open source embedded relational database management system. The system is characterized by independence, isolation, cross-platform and so on. A security vulnerability exists in SQLite version 3.27.2. Currently the...

openSUSE Security Update : sqlite3 (openSUSE-2019-1159)

This update for sqlite3 to version 3.27.2 fixes the following issue : Security issue fixed : - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 Magellan bsc1119687. Release notes: https://www.sqlite.org/releaselog/3272.html This update was imported from the SUSE:SLE-15:Update...

Security update for sqlite3 (moderate)

openSUSE Security Update: Security update for sqlite3 Announcement ID: openSUSE-SU-2019:1159-1 Rating: moderate References: 1119687 Cross-References: CVE-2018-20346 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for sqlite3 ...