1184 matches found
CVE-2026-48108
Russh (Rust SSH client/server library) prior to 0.61.0 allowed non-canonical client identification and did not bound pre-banner input on the server side, enabling malformed pre-auth identification to potentially exhaust connection resources. The issue affects versions 0.34.0-beta.1 through before...
CVE-2026-48108 Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input
Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing...
EUVD-2026-35896
Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...
CVE-2026-41706
Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...
PT-2026-48546
Name of the Vulnerable Software and Affected Versions russh versions 0.34.0-beta.1 through 0.60.0 Description russh did not strictly enforce SSH identification-string rules. The server-side identification reader used a permissive path that allowed clients to send pre-banner lines and did not...
Russh 输入验证错误漏洞
Russh is a Rust SSH client and server library developed by Eugene as a personal project. In versions of Russh from 0.34.0-beta.1 to 0.61.0, there was an input validation vulnerability. This vulnerability stemmed from lax implementation of SSH identifier string rules. The server-side identifier...
CVE-2026-41706 Open Redirect When Using CookieRequestCache
Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...
CVE-2026-41706
Spring Security: CookieRequestCache and CookieServerRequestCache store the full absolute pre-authentication URL in a browser cookie and use it as the post-login redirect target without validation. Affected versions include Spring Security 5.7.0–5.7.23; 5.8.0–5.8.25; 6.3.0–6.3.16; 6.4.0–6.4.16; 6....
CVE-2026-9742
When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...
CVE-2026-9740
Affected software: MongoDB Server. Vulnerability: BSON validation logic allows unauthenticated users to crash mongod via a specially crafted message. The BSON validator’s handling of certain nested binary data structures enables uncontrolled mutual recursion, where each re-entry resets internal d...
CVE-2026-9740 Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions,...
CVE-2026-9742
The CVE-2026-9742 entry describes a vulnerability in MongoDB where, when OIDC authentication is enabled, a crafted value in the mechanism parameter of the authenticate command can crash the server. The authenticate command is reachable by unauthenticated clients, enabling pre-auth denial-of-servi...
CVE-2026-49848 FreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto`
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's checkauth userauth branch wrote request-supplied userVariables into the...
CVE-2026-49848
FreeSWITCH CVE-2026-49848: In mod_verto, the pre-authentication check_auth path writes request-supplied userVariables into the connection state before password comparison. Writes are append-only and the connection isn’t closed on a failed compare, so values from bad-password attempts persist on t...
CVE-2026-49848 FreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto`
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's checkauth userauth branch wrote request-supplied userVariables into the...
CVE-2026-49843 FreeSWITCH: Pre-authentication session eviction via attacker-chosen `sessid` in `mod_verto`
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...
CVE-2026-49843 FreeSWITCH: Pre-authentication session eviction via attacker-chosen `sessid` in `mod_verto`
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...
CVE-2026-49842
CVE-2026-49842 - FreeSWITCH mod_verto pre-auth bandwidth amplification : Before v1.11.1, FreeSWITCH’s mod_verto WebSocket frame loop processed a #-prefixed speed-test protocol (#SPU/#SPB/#SPE) prior to authentication. The payload size in #SPU was parsed with atoi() and non-positive values were re...
CVE-2026-49842 FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...
CVE-2026-49842 FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...