Lucene search
K

4 matches found

OSV
OSV
added 2026/05/06 5:23 p.m.6 views

GHSA-V5C3-6WVC-PC2Q QuantumNous/new-api has an SSRF Filter Bypass via 0.0.0.0

SSRF Filter Bypass via 0.0.0.0 Summary The SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular non-admin user holding any valid API token can send a multimodal request to /v1/chat/completions,...

7.1CVSS5.9AI score0.00258EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-38265

Name of the Vulnerable Software and Affected Versions New API versions 0.11.9-alpha.1 and earlier Description New API, a large language model LLM gateway and artificial intelligence AI asset management system, contains a Server-Side Request Forgery SSRF flaw. This issue occurs due to insufficient...

7.1CVSS5.8AI score0.00258EPSS
Exploits1References10
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/25 12:0 a.m.6 views

Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

The v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 GHSA-7723-35v7-qcxw, and reac...

6.5CVSS5.9AI score0.00359EPSS
Exploits2References6Affected Software1
Snyk
Snyk
added 2025/09/16 2:44 a.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the ip.isPublic and ip.isPrivate functions. An attacker can interact with internal network resources by supplying specially crafted IP address such as null route "0" that is being incorrectly...

10CVSS6.9AI score0.08279EPSS
Exploits0References2
Rows per page
Query Builder