I (@ouuan) have discovered the following vulnerabilities:
- CVE-2023-41054: LibreY Server-Side Request Forgery (SSRF) vulnerability in image_proxy.php
- CVE-2023-41055: LibreY Server-Side Request Forgery (SSRF) vulnerability via wikipedia_language cookie
- CVE-2023-4913: Reflected Cross-Site Scripting (XSS) vulnerability in the dynamic 404 page in cecilapp/cecil
- CVE-2023-4914: Relative Path Traversal vulnerability in the serve command in cecilapp/cecil
- Gravity Wiz Weekly 201: Gravity Wiz Cache Buster Reflected XSS vulnerability
- CVE-2024-27927: RSSHub SSRF vulnerabilities in /mastodon, /zjoi, and /m4
- GHSA-4c78-229v-hf6m: txtdot SSRF vulnerability in /proxy
- GHSA-4gj5-xj97-j8fp: txtdot SSRF vulnerability in /get
- GHSA-99hj-2wwx-78m3: txtdot Reflected XSS vulnerability in /proxy
- CVE-2024-29415: NPM ip package still incorrectly identifies some private IP addresses as public
- CVE-2024-24789: Go archive/zip EOCDR comment length handling is inconsistent with other ZIP implementations
- CVE-2024-37661: TP-LINK router TL-7DR5130 is vulnerable to forged ICMP redirect message attacks
- CVE-2024-37662: TP-LINK router TL-7DR5130 is vulnerable to TCP DoS or hijacking attacks
- CVE-2024-37663: Redmi router RB03 is vulnerable to forged ICMP redirect message attacks
- CVE-2024-37664: Redmi router RB03 is vulnerable to TCP DoS or hijacking attacks