CWE-350
Reliance on Reverse DNS Resolution for a Security-Critical Action
Monthly
Server-side request forgery (SSRF) in GitLab CE/EE allows an authenticated user with maintainer-role permissions to probe and interact with internal network resources by configuring malicious mirror synchronization URLs that bypass GitLab's URL validation controls. The flaw spans an exceptionally wide version range - from 8.3 all the way through the 19.x train - making the population of unpatched instances large. CWE-350 (Reliance on Reverse DNS Resolution) indicates the bypass likely exploits DNS-based validation circumvention rather than a simple allowlist gap. No public exploit or active KEV listing is confirmed at time of analysis, but the maintainer privilege bar is low enough in shared multi-tenant GitLab deployments to materially broaden the attacker population.
DNS rebinding on the Mercusys AC12G (EU) V1 router (firmware AC12G(EU)_V1_200909) exposes the router's web management interface to attacker-controlled external origins due to absent HTTP Host header validation. A remote unauthenticated attacker (per CVSS PR:N) can rebind a malicious domain to the router's LAN IP address, then leverage the router's pre-existing CORS wildcard (Access-Control-Allow-Origin: *) to read admin interface responses cross-origin from within the victim's browser. No public exploit beyond the researcher's advisory exists and no CISA KEV listing is present at time of analysis.
Reliance on reverse DNS resolution in ericc-ch copilot-api up to version 0.7.0 allows authenticated remote attackers to manipulate the Host header in the /token endpoint, leading to information disclosure. The vulnerability affects the Header Handler component and has been publicly disclosed with exploit code available; the vendor did not respond to early disclosure notification.
Jenkins versions 2.442 through 2.554 and LTS 2.426.3 through 2.541.2 contain an origin validation bypass vulnerability in the CLI WebSocket endpoint that allows attackers to conduct DNS rebinding attacks. The vulnerability stems from improper use of Host and X-Forwarded-Host headers to compute expected request origins, enabling attackers to bypass authentication controls and potentially execute arbitrary commands through the CLI WebSocket interface. While no CVSS score, EPSS data, or active exploitation in the wild (KEV) status has been publicly disclosed, the vulnerability affects a critical Jenkins component and was responsibly disclosed by the Jenkins security team.
Kiteworks versions prior to 9.2.0 contain a DNS rebinding vulnerability that allows authenticated administrators to circumvent SSRF protections and access restricted internal services. An attacker with administrative privileges could exploit this misconfiguration to reach backend systems that should be isolated from external access. No patch is currently available for affected deployments.
CleanTalk Anti-Spam WordPress plugin has an authorization bypass enabling unauthenticated attackers to perform file operations on the WordPress server.
AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
vet is an open source software supply chain security tool. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
DNS rebinding attacks can bypass Cross-Origin Resource Sharing (CORS) protections in Mozilla Firefox and Thunderbird due to improper cache invalidation of CORS preflight responses when target IP addresses change. Remote attackers can exploit this via malicious websites to access confidential cross-origin data without user authentication (CVSS: PR:N, UI:R). No public exploit identified at time of analysis, though CERT VU#652514 provides technical disclosure. EPSS data not provided, but the combination of network-accessible attack vector, low complexity, and no required privileges warrants attention for organizations using affected Mozilla products.
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Server-side request forgery (SSRF) in GitLab CE/EE allows an authenticated user with maintainer-role permissions to probe and interact with internal network resources by configuring malicious mirror synchronization URLs that bypass GitLab's URL validation controls. The flaw spans an exceptionally wide version range - from 8.3 all the way through the 19.x train - making the population of unpatched instances large. CWE-350 (Reliance on Reverse DNS Resolution) indicates the bypass likely exploits DNS-based validation circumvention rather than a simple allowlist gap. No public exploit or active KEV listing is confirmed at time of analysis, but the maintainer privilege bar is low enough in shared multi-tenant GitLab deployments to materially broaden the attacker population.
DNS rebinding on the Mercusys AC12G (EU) V1 router (firmware AC12G(EU)_V1_200909) exposes the router's web management interface to attacker-controlled external origins due to absent HTTP Host header validation. A remote unauthenticated attacker (per CVSS PR:N) can rebind a malicious domain to the router's LAN IP address, then leverage the router's pre-existing CORS wildcard (Access-Control-Allow-Origin: *) to read admin interface responses cross-origin from within the victim's browser. No public exploit beyond the researcher's advisory exists and no CISA KEV listing is present at time of analysis.
Reliance on reverse DNS resolution in ericc-ch copilot-api up to version 0.7.0 allows authenticated remote attackers to manipulate the Host header in the /token endpoint, leading to information disclosure. The vulnerability affects the Header Handler component and has been publicly disclosed with exploit code available; the vendor did not respond to early disclosure notification.
Jenkins versions 2.442 through 2.554 and LTS 2.426.3 through 2.541.2 contain an origin validation bypass vulnerability in the CLI WebSocket endpoint that allows attackers to conduct DNS rebinding attacks. The vulnerability stems from improper use of Host and X-Forwarded-Host headers to compute expected request origins, enabling attackers to bypass authentication controls and potentially execute arbitrary commands through the CLI WebSocket interface. While no CVSS score, EPSS data, or active exploitation in the wild (KEV) status has been publicly disclosed, the vulnerability affects a critical Jenkins component and was responsibly disclosed by the Jenkins security team.
Kiteworks versions prior to 9.2.0 contain a DNS rebinding vulnerability that allows authenticated administrators to circumvent SSRF protections and access restricted internal services. An attacker with administrative privileges could exploit this misconfiguration to reach backend systems that should be isolated from external access. No patch is currently available for affected deployments.
CleanTalk Anti-Spam WordPress plugin has an authorization bypass enabling unauthenticated attackers to perform file operations on the WordPress server.
AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
vet is an open source software supply chain security tool. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
DNS rebinding attacks can bypass Cross-Origin Resource Sharing (CORS) protections in Mozilla Firefox and Thunderbird due to improper cache invalidation of CORS preflight responses when target IP addresses change. Remote attackers can exploit this via malicious websites to access confidential cross-origin data without user authentication (CVSS: PR:N, UI:R). No public exploit identified at time of analysis, though CERT VU#652514 provides technical disclosure. EPSS data not provided, but the combination of network-accessible attack vector, low complexity, and no required privileges warrants attention for organizations using affected Mozilla products.
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.