Lucene search
K

10 matches found

Vulnrichment
Vulnrichment
added 2026/03/06 4:35 a.m.3 views

CVE-2026-28681 IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. From version 4.4.0 to before version 4.4.5 and from version 4.5.0 to before version 4.5.1, an attacker can manipulate the HTTP Host header on a password reset or account creation...

8.1CVSS5.7AI score0.00427EPSS
Exploits0References5
CVE
CVE
added 2026/03/06 4:35 a.m.20 views

CVE-2026-28681

CVE-2026-28681 affects Internet Routing Registry daemon (IRRd) versions 4.4.0–4.4.5 and 4.5.0–4.5.1. The flaw is a host header injection in web UI password reset/account creation flows: an attacker can manipulate the HTTP Host header, causing the confirmation link in the email to point to an atta...

8.1CVSS5.8AI score0.00427EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/06 4:35 a.m.37 views

CVE-2026-28681 IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. From version 4.4.0 to before version 4.4.5 and from version 4.5.0 to before version 4.5.1, an attacker can manipulate the HTTP Host header on a password reset or account creation...

8.1CVSS0.00427EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0127

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.01366EPSS
Exploits0References6
NVD
NVD
added 2022/03/31 11:15 p.m.13 views

CVE-2022-24798

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perfo...

7.5CVSS0.01366EPSS
Exploits0References3
OSV
OSV
added 2022/03/31 11:15 p.m.39 views

PYSEC-2022-178

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perfo...

7.5CVSS2.6AI score0.01366EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/03/31 11:5 p.m.8 views

CVE-2022-24798 Insufficient password hash filtering in some IRRd queries and exports

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perfo...

7.5CVSS7.7AI score0.01366EPSS
Exploits0References3
CVE
CVE
added 2022/03/31 11:5 p.m.111 views

CVE-2022-24798

CVE-2022-24798 affects Internet Routing Registry daemon (IRRd) v4 where password hashes could be exposed in query responses for mntner objects and database exports. Root cause: insufficient filtering of password hashes in IRRd’s output. Affected products/versions: IRRd 4.2.x (mirrors not affected...

7.5CVSS7.7AI score0.01366EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/03/31 12:0 a.m.3 views

Internet Routing Registry Daemon 安全漏洞

Internet Routing Registry Daemon IRRd is a routing registry daemon. A security vulnerability exists in Internet Routing Registry Daemon, which stems from the fact that IRRd does not always filter password hashes in query responses related to "mntner" objects and database exports. An attacker coul...

7.5CVSS7.3AI score0.01366EPSS
Exploits0References4
Krebs on Security
Krebs on Security
added 2021/11/26 7:3 p.m.31 views

The Internet is Held Together With Spit & Baling Wire

A visualization of the Internet made using network routing data. Image: Barrett Lyon, opte.org. Imagine being able to disconnect or redirect Internet traffic destined for some of the worlds biggest companies -- just by spoofing an email. This is the nature of a threat vector recently removed by a...

7.1AI score
Exploits0
Rows per page
Query Builder