Lucene search
K

1199 matches found

CVE
CVE
added 2026/06/16 11:47 a.m.14 views

CVE-2026-9507

CVE-2026-9507 affects osTicket v1.18.2. A session fixation flaw arises because the application does not invalidate the pre-authentication cookie or generate a new identifier for the authenticated context (OSTSESSID). As a result, an attacker could set a known session ID in the victim’s browser an...

5.1CVSS5.2AI score0.00403EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 11:47 a.m.27 views

CVE-2026-9507 Session fixation vulnerability in Enhancesoft's osTicket

A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial session identifier OSTSESSID active after a successful login. The issue lies in the fact that the application does not invalidate the...

5.1CVSS0.00403EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/13 6:51 p.m.156 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - React2Shell Pre-authentication RCE in Reac...

10CVSS8.6AI score0.99562EPSS
Exploits373
GithubExploit
GithubExploit
added 2026/06/13 4:2 p.m.84 views

Exploit for Embedded Malicious Code in Tukaani Xz

XZ Backdoor Labs CVE-2024-3094 Safe, hands-on labs for...

10CVSS8.7AI score0.85974EPSS
Exploits40
Cvelist
Cvelist
added 2026/06/12 9:3 p.m.31 views

CVE-2026-53519 Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check uses strings.HasPrefi...

9.1CVSS0.00451EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/12 6:22 p.m.28 views

CVE-2026-47138 Parse Server: Pre-authentication denial of service via client version header regex backtracking

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...

8.7CVSS0.00584EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 6:22 p.m.10 views

CVE-2026-47138 Parse Server: Pre-authentication denial of service via client version header regex backtracking

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...

8.7CVSS5.3AI score0.00584EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-9742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When OIDC authentication is enabled in configuration, clients may set specific values in the mechanism parameter of the authenticate command that lead to server...

8.2CVSS5.9AI score0.00347EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 8:29 p.m.10 views

EUVD-2026-36130

Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input...

5.3CVSS5.4AI score0.00277EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 8:29 p.m.6 views

GHSA-76R6-X97P-67VR Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input

Summary russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing pre-banner lines from clients, and the reader did not enforce a bounded number of pre-banner...

5.3CVSS5.7AI score0.00277EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.10 views

CVE-2026-41706

Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...

6.1CVSS5.5AI score0.00211EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-48108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as...

5.3CVSS5.6AI score0.00277EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:17 p.m.13 views

CVE-2026-48108

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing...

5.3CVSS0.00277EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 8:24 p.m.18 views

CVE-2026-48108

Russh (Rust SSH client/server library) prior to 0.61.0 allowed non-canonical client identification and did not bound pre-banner input on the server side, enabling malformed pre-auth identification to potentially exhaust connection resources. The issue affects versions 0.34.0-beta.1 through before...

5.3CVSS5.5AI score0.00277EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 8:24 p.m.9 views

CVE-2026-48108 Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing...

5.3CVSS5.5AI score0.00277EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 8:24 p.m.30 views

CVE-2026-48108 Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing...

5.3CVSS0.00277EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 12:31 a.m.14 views

EUVD-2026-35896

Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...

6.1CVSS5.5AI score0.00211EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 12:16 a.m.18 views

CVE-2026-41706

Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...

6.1CVSS0.00211EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48546

Name of the Vulnerable Software and Affected Versions russh versions 0.34.0-beta.1 through 0.60.0 Description russh did not strictly enforce SSH identification-string rules. The server-side identification reader used a permissive path that allowed clients to send pre-banner lines and did not...

5.3CVSS5.6AI score0.00277EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Russh 输入验证错误漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. In versions of Russh from 0.34.0-beta.1 to 0.61.0, there was an input validation vulnerability. This vulnerability stemmed from lax implementation of SSH identifier string rules. The server-side identifier...

5.3CVSS5.4AI score0.00277EPSS
Exploits0References1
Rows per page
Query Builder