
1312213 matches found

Hacker One
added 2026/06/09 1:45 a.m., 28 views

curl: curl-ipv4-percent-normalization-SSRF

Summary: six or fewer sentences describing the issue in your own human voice and optionally a short proof-of-concept script Affected version Which curl/libcurl version are you using to reproduce? On which platform? curl -V typically generates good output to include Steps To Reproduce: add details...

5.5 AI score
Exploits: 0
Hacker One
added 2026/06/08 12:27 p.m., 8 views

8x8: jitsi-meet: Prosody/Jigasi missing header whitelist in mod_filter_iq_rayo allows arbitrary SIP header injection and Caller ID spoofing

A vulnerability was discovered in the Prosody and Jigasi components of Jitsi Meet. The Prosody filter implemented an incomplete blocklist that allowed authenticated users with outbound-call privileges to inject arbitrary SIP headers, enabling Caller ID spoofing on outgoing SIP calls in environmen...

5.9 AI score
Exploits: 0
Hacker One
added 2026/06/08 8:24 a.m., 8 views

curl: CVE-2026-11564: Native CA trust persist

A vulnerability was discovered in the libcurl library where a native CA trust could persist after an easy handle switches to custom CA material. The vulnerability was found to affect builds of libcurl that enable the native CA trust feature. The issue stemmed from the fact that the library did no...

5.8 AI score, 0.00196 EPSS
Exploits: 0
Hacker One
added 2026/06/08 7:54 a.m., 7 views

curl: CVE-2026-11586: WS Auto-PONG memory exhaustion

Summary: TL;DR: a remote WebSocket peer can make default curl/libcurl grow memory until timeout or OOM by sending legal PING frames while refusing to read the client's automatic PONGs. curl automatically replies to each received WebSocket PING with a PONG unless CURLWS_NOAUTOPONG is set. In...

5.9 AI score, 0.00206 EPSS
Exploits: 0
Hacker One
added 2026/06/08 3:11 a.m., 942 views

curl: SSH/SFTP connection reuse can bypass SSH key identity after ssh_config_matches removal

Summary: libcurl's SSH/SFTP connection reuse logic no longer binds a pooled SSH connection to the SSH key identity requested by the new transfer. After ssh_config_matches was removed, url_match_proto_config again has no SSH-specific check for CURLOPT_SSH_PUBLIC_KEYFILE or CURLOPT_SSH_PRIVATE_KEYFILE. An...

7.7 CVSS, 7.5 AI score, 0.02596 EPSS
Exploits: 2
Hacker One
added 2026/06/06 1:49 p.m., 22 views

curl: SOCKS5 no-auth accepted despite username/password-only authentication

Summary: curl/libcurl appears to allow unauthenticated SOCKS5 negotiation even when the caller explicitly configures username/password-only SOCKS5 authentication. With --socks5-basic and SOCKS5 credentials set, curl still advertises both SOCKS5 method 0x00 (no authentication) and 0x02...

5.5 AI score
Exploits: 0
Hacker One
added 2026/06/06 11:38 a.m., 19 views

curl: libcurl: HTTP/1.x bare LF byte in response header value enables cookie jar pollution and POST body/credential exfiltration via redirect — RC=0, curl 8

Summary: curl's HTTP/1.x response header parser splits header lines using a single memchr(buf, '\n', blen) call (lib/http.c:4457), with no awareness of whether the current position is inside a quoted-string value. A server response containing any header field whose value embeds a raw LF byte (\x0a) caus...

5.5 AI score
Exploits: 0
Hacker One
added 2026/06/05 11:44 a.m., 61 views

curl: GnuTLS OCSP stapling accepts unrelated SingleResponse (no cert-ID binding)

Summary: This report describes a variant of the publicly disclosed curl vulnerability CVE-2020-8286 (OCSP stapling verification bypass), found in the GnuTLS TLS backend (lib/vtls/gtls.c). The original CVE affected the NSS backend; this variant reproduces the same logical class of defect — accepting...

7.5 CVSS, 6.8 AI score, 0.04575 EPSS
Exploits: 1
Hacker One
added 2026/06/05 7:50 a.m., 8 views

Revive Adserver: XML‑RPC login leak exposes valid session ID enabling unauthorized API access

Vulnerability description not provided...

4.3 CVSS, 5.8 AI score, 0.00173 EPSS
Exploits: 0
Hacker One
added 2026/06/05 3:50 a.m., 7 views

curl: CVE-2026-11352: QUIC zero-length UDP datagrams busy-loop

Summary: curl's QUIC UDP receive helper ignores zero-length UDP datagrams before counting them against the per-call packet budget. On Linux, recvmmsgpackets loops while pkts maxpkts, but if!mmsgi.msglen continue; runs before pkts is incremented. The recvmsgpackets backend has the same no-progress...

5.9 AI score, 0.0028 EPSS
Exploits: 0
Hacker One
added 2026/06/04 10:17 a.m., 6 views

Revive Adserver: CSRF in zone‑include.php allows unauthorized banner and campaign linking

The zone-include.php script in Revive Adserver 6.0.7 was vulnerable to a CSRF attack. Linking and unlinking banners or campaigns to zones could be triggered via crafted GET or POST requests without any verification of the CSRF token, allowing an attacker to perform these actions on behalf of an...

5.9 AI score
Exploits: 0
Hacker One
added 2026/06/04 8:3 a.m., 9 views

Revive Adserver: PHP code injection in delivery-limitation `logical` validation bypass - XML-RPC setChannelTargeting

Vulnerability description not provided...

8.8 CVSS, 6.7 AI score, 0.02734 EPSS
Exploits: 1
Hacker One
added 2026/06/04 6:8 a.m., 10 views

Revive Adserver: Stored XSS in maintenance tools via unescaped entity names

A stored XSS vulnerability was discovered in the maintenance tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected in the maintenance-acl-check.php and maintenance-banners-check.php files...

5.4 CVSS, 5.8 AI score, 0.00199 EPSS
Exploits: 0
Hacker One
added 2026/06/04 6:3 a.m., 45 views

curl: OpenSSL TLS 1.2 session resumption accepts expired server certificates in libcurl

Summary: curl's OpenSSL backend can accept a new TLS 1.2 HTTPS connection after the server certificate has expired if the connection resumes a previously cached TLS session. A full handshake made at the same time with the same certificate fails with CURLE_PEER_FAILED_VERIFICATION, but the resumed...

5.6 AI score
Exploits: 0
Hacker One
added 2026/06/04 1:45 a.m., 30 views

Node.js: Incomplete Fix for CVE-2026-21637: OCSPRequest and resumeSession Events Crash Node.js TLS Server via Unhandled Synchronous Exceptions

Summary The March 2026 security release patched CVE-2026-21637 by wrapping SNICallback, ALPNCallback, and pskCallback invocations in try/catch blocks inside lib/internal/tls/wrap.js. That fix is present in v26.3.0. However, two other TLS callback paths in the same file were left unprotected: 1...

7.5 CVSS, 6.1 AI score, 0.01056 EPSS
Exploits: 0
Hacker One
added 2026/06/03 11:4 p.m., 9 views

Revive Adserver: PHP code injection in delivery-limitation `logical` validation bypass

A vulnerability in the delivery-limitation logical validation was reported. The vulnerability allowed bypassing the fix for CVE-2026-34916 by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method...

8.8 CVSS, 6.6 AI score, 0.02734 EPSS
Exploits: 1
Hacker One
added 2026/06/03 10:27 p.m., 7 views

Revive Adserver: Reflected XSS via unsanitised refresh parameter in zone invocation tag

A missing sanitization of user input in the zone-include.php script of Revive Adserver 6.0.7 and earlier was reported. This vulnerability allowed a low-privileged user to perform reflected XSS attacks by exploiting the refresh parameter of the iFrame invocation tag...

6.1 CVSS, 5.8 AI score, 0.00222 EPSS
Exploits: 0
Hacker One
added 2026/06/03 9:19 p.m., 21 views

curl: DNS domain search list followed for extant domain missing A or AAAA records

Summary: Curl calls getaddrinfo to resolve a domain's addresses, however glibc will continue through the domain search list to find data even if it gets a NODATA response. When using AF_UNSPEC in the aihints, this search will stop at the first domain with either an A or AAAA record, however when...

5.5 AI score
Exploits: 0
Hacker One
added 2026/06/03 9:0 p.m., 7 views

Revive Adserver: Missing ownership validation allows cross‑manager tracker–campaign linking

A vulnerability was reported in Revive Adserver version 6.0.7 and earlier that allowed a low-privileged user to link their trackers to campaigns owned by other managers on the same instance. This was due to a lack of proper ownership validation in the tracker-campaigns.php script, which handled t...

4.3 CVSS, 5.9 AI score, 0.00287 EPSS
Exploits: 1
Hacker One
added 2026/06/03 5:0 p.m., 6 views

AWS VDP: Non-Production API Endpoints for the Amazon S3 Tables Service Fails to Log to CloudTrail Resulting in Silent Permission Enumeration

A vulnerability was discovered in the Amazon S3 Tables service where certain non-production API endpoints failed to log calls to CloudTrail. This allowed permission enumeration to be performed without leaving any trace in CloudTrail. Twenty-three endpoints were identified that exhibited this...

5.7 AI score
Exploits: 0