101 matches found
CVE-2025-59437
The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection...
DEBIAN-CVE-2025-59437
The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection...
UBUNTU-CVE-2025-59437
The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the ip.isPublic and ip.isPrivate functions. An attacker can interact with internal network resources by supplying specially crafted IP address such as null route "0" that is being incorrectly...
Server-side Request Forgery (SSRF)
Overview ip is a Node library. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the ip.isPublic and ip.isPrivate functions. An attacker can interact with internal network resources by supplying specially crafted IP address such as null route "0" that is bei...
CVE-2025-59437
Technical details about CVE-2025-59437 are not provided in the connected documents; no affected products, impact, or fixes are listed here. Monitor for updates.
CVE-2025-59437
The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection...
Linux Distros Unpatched Vulnerability : CVE-2023-40014
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context...
SUSE CVE-2023-53034
In the Linux kernel, the following vulnerability has been resolved: ntbhwswitchtec: Fix shift-out-of-bounds in switchtecntbmwsettrans There is a kernel API ntbmwcleartrans would pass 0 to both addr and size. This would make xlatepos negative. 23.734156 switchtec switchtec0: MW 0: part 0 addr...
PT-2025-5337 · Imgproxy +1 · Imgproxy +1
Name of the Vulnerable Software and Affected Versions: imgproxy versions prior to 3.27.2 Description: The issue concerns imgproxy, a server for resizing, processing, and converting images. It does not block the 0.0.0.0 address, even when IMGPROXY ALLOW LOOPBACK SOURCE ADDRESSES is set to false...
kernel: atl1c: Work around the DMA RX overflow issue
In the Linux kernel, the following vulnerability has been resolved: atl1c: Work around the DMA RX overflow issue This is based on alx driver commit 881d0327db37 "net: alx: Work around the DMA RX overflow issue". The alx and atl1c drivers had RX overflow error which was why a custom allocator was...
Votes delegated to the zero address will be stuck forever and user can no longer delegate votes
Lines of code Vulnerability details Bug Description VotesUpgradeable automatically delegates a user's votes to themselves if a delegatee is not set. VotesUpgradeable.solL165-168 function delegatesaddress account public view virtual returns address VotesStorage storage $ = getVotesStorage; return...
Possibility of losing users funds due to not checking for zero address (address 0x0)
Lines of code Vulnerability details Impact As there is no function for checking whether the addresses of the sources and targets are zero or not in the delegateMulti function it may cause issues for users Sending tokens to a zero address address 0x0 is generally not a recommended practice in...
No zero address check on constructor parameters in contracts
Lines of code Vulnerability details Impact Detailed description of the impact of this finding There is no address0 check in the constructor of the following contracts; 1. Sourcesbridge.sol 2. rSUDY.sol 3. Destination ridge.sol 4. rSUDYFactory.sol Lack of addr0 check can lead to loss of important...
Absence of zero address checks for roles passed to the initialize function.
Lines of code Vulnerability details Impact The initialize function accepts various roles as part of the roles parameter SecurityCouncilManagerRoles. However, it doesn't validate whether any of these role addresses are set to the zero address address0. This omission might result in inadvertently...
Signature Validation Bypass in 'permit' Function of MarketERC20.sol
Lines of code Vulnerability details Description The 'MarketERC20.sol' contract contains a critical vulnerability in the 'permit' function, where insufficient signature validation allows for bypassing the authentication process. This loophole enables attackers to manipulate the function by providi...
Reverts when a User claims Voting Power of address(0) where there exists some for address(0)
Lines of code Vulnerability details Impact There is no zero address check in the delegate function in ARCDVestingVault contract. This allows address0 to be able to accumulate VotingPower. Now when there is a some Voting Power for address0, any user can delegate themselves for address0 and claim...
User can delegate to address(0) in ARCDVestingVault thereby increasing address(0) VotingPower
Lines of code Vulnerability details Impact There is no zero address check in the delegate function in ARCDVestingVault contract. This allows address0 to be able to accumulate VotingPower. Proof of Concept 1. In ARCDVestingVault.delegate, Alice calls the function with voting Power 100e18 and...
Setting ownership to zero account in the function _renounceOwnership()
Lines of code Vulnerability details Impact In the renounceOwnership function, the call to setOwneraddress0 sets the owner address of the contract to address0, which represents the zero address in Ethereum. This effectively removes the ownership of the contract, as the zero address is not a valid...
CVE-2023-35133
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions...