Lucene search
+L

101 matches found

RedhatCVE
RedhatCVE
added 2025/09/18 1:39 a.m.13 views

CVE-2025-59437

The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection...

8.1CVSS9.4AI score0.08279EPSS
Exploits0References1
OSV
OSV
added 2025/09/16 6:16 a.m.2 views

DEBIAN-CVE-2025-59437

The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection...

3.2CVSS5.3AI score0.00116EPSS
Exploits0References1
OSV
OSV
added 2025/09/16 6:16 a.m.5 views

UBUNTU-CVE-2025-59437

The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection...

3.2CVSS5.8AI score0.00116EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/16 2:44 a.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the ip.isPublic and ip.isPrivate functions. An attacker can interact with internal network resources by supplying specially crafted IP address such as null route "0" that is being incorrectly...

10CVSS6.9AI score0.08279EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/16 2:44 a.m.5 views

Server-side Request Forgery (SSRF)

Overview ip is a Node library. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the ip.isPublic and ip.isPrivate functions. An attacker can interact with internal network resources by supplying specially crafted IP address such as null route "0" that is bei...

10CVSS6.9AI score0.08279EPSS
Exploits0References2
CVE
CVE
added 2025/09/16 12:0 a.m.26 views

CVE-2025-59437

Technical details about CVE-2025-59437 are not provided in the connected documents; no affected products, impact, or fixes are listed here. Monitor for updates.

3.2CVSS6.4AI score0.00116EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/09/16 12:0 a.m.3 views

CVE-2025-59437

The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection...

3.2CVSS5.3AI score0.00116EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2023-40014

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context...

5.3CVSS6.2AI score0.00611EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/04/18 1:40 a.m.6 views

SUSE CVE-2023-53034

In the Linux kernel, the following vulnerability has been resolved: ntbhwswitchtec: Fix shift-out-of-bounds in switchtecntbmwsettrans There is a kernel API ntbmwcleartrans would pass 0 to both addr and size. This would make xlatepos negative. 23.734156 switchtec switchtec0: MW 0: part 0 addr...

5.8CVSS7.5AI score0.00189EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2025/01/27 12:0 a.m.5 views

PT-2025-5337 · Imgproxy +1 · Imgproxy +1

Name of the Vulnerable Software and Affected Versions: imgproxy versions prior to 3.27.2 Description: The issue concerns imgproxy, a server for resizing, processing, and converting images. It does not block the 0.0.0.0 address, even when IMGPROXY ALLOW LOOPBACK SOURCE ADDRESSES is set to false...

8.9CVSS6.1AI score0.01058EPSS
Exploits2References89
RedHat Linux
RedHat Linux
added 2024/08/08 4:53 a.m.10 views

kernel: atl1c: Work around the DMA RX overflow issue

In the Linux kernel, the following vulnerability has been resolved: atl1c: Work around the DMA RX overflow issue This is based on alx driver commit 881d0327db37 "net: alx: Work around the DMA RX overflow issue". The alx and atl1c drivers had RX overflow error which was why a custom allocator was...

5.5CVSS6.6AI score0.0024EPSS
Exploits0References5
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.9 views

Votes delegated to the zero address will be stuck forever and user can no longer delegate votes

Lines of code Vulnerability details Bug Description VotesUpgradeable automatically delegates a user's votes to themselves if a delegatee is not set. VotesUpgradeable.solL165-168 function delegatesaddress account public view virtual returns address VotesStorage storage $ = getVotesStorage; return...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.12 views

Possibility of losing users funds due to not checking for zero address (address 0x0)

Lines of code Vulnerability details Impact As there is no function for checking whether the addresses of the sources and targets are zero or not in the delegateMulti function it may cause issues for users Sending tokens to a zero address address 0x0 is generally not a recommended practice in...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/09/07 12:0 a.m.7 views

No zero address check on constructor parameters in contracts

Lines of code Vulnerability details Impact Detailed description of the impact of this finding There is no address0 check in the constructor of the following contracts; 1. Sourcesbridge.sol 2. rSUDY.sol 3. Destination ridge.sol 4. rSUDYFactory.sol Lack of addr0 check can lead to loss of important...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.13 views

Absence of zero address checks for roles passed to the initialize function.

Lines of code Vulnerability details Impact The initialize function accepts various roles as part of the roles parameter SecurityCouncilManagerRoles. However, it doesn't validate whether any of these role addresses are set to the zero address address0. This omission might result in inadvertently...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.12 views

Signature Validation Bypass in 'permit' Function of MarketERC20.sol

Lines of code Vulnerability details Description The 'MarketERC20.sol' contract contains a critical vulnerability in the 'permit' function, where insufficient signature validation allows for bypassing the authentication process. This loophole enables attackers to manipulate the function by providi...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.9 views

Reverts when a User claims Voting Power of address(0) where there exists some for address(0)

Lines of code Vulnerability details Impact There is no zero address check in the delegate function in ARCDVestingVault contract. This allows address0 to be able to accumulate VotingPower. Now when there is a some Voting Power for address0, any user can delegate themselves for address0 and claim...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.8 views

User can delegate to address(0) in ARCDVestingVault thereby increasing address(0) VotingPower

Lines of code Vulnerability details Impact There is no zero address check in the delegate function in ARCDVestingVault contract. This allows address0 to be able to accumulate VotingPower. Proof of Concept 1. In ARCDVestingVault.delegate, Alice calls the function with voting Power 100e18 and...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.5 views

Setting ownership to zero account in the function _renounceOwnership()

Lines of code Vulnerability details Impact In the renounceOwnership function, the call to setOwneraddress0 sets the owner address of the contract to address0, which represents the zero address in Ethereum. This effectively removes the ownership of the contract, as the zero address is not a valid...

7.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2023/06/22 9:15 p.m.5 views

CVE-2023-35133

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions...

7.5CVSS5.8AI score0.00825EPSS
Exploits0References7
Rows per page
Query Builder