93 matches found
CVE-2026-9628
A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipulation of the argument PPTP server address/username/password/tunnel name causes stack-based buffer...
libssh: libssh: Denial of Service via inefficient regular expression processing
A flaw was found in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could craft specific hostnames that when processed by the matchpattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...
Exploit for Incorrect Default Permissions in Rapid7 Velociraptor
CVE-2025-6264 DISCLAIMER: This is an educational researc...
Astra Linux - уязвимость в libssh
A flaw was discovered in libssh. A remote attacker, by controlling client configuration files or the knownhosts files, could create specific hostnames that, when processed by the matchpattern function, could lead to inefficient regular expression backtracking. This could cause timeouts and resour...
Apache ZooKeeper: Apache ZooKeeper: Information disclosure via improper handling of configuration values
A flaw was found in Apache ZooKeeper. Improper handling of configuration values in ZKConfig allows an attacker to expose sensitive information. This occurs when sensitive client configuration values are logged at an INFO level in the client's logfile. This vulnerability can lead to information...
EUVD-2026-16332
A flaw was found in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could craft specific hostnames that when processed by the matchpattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...
CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
A flaw was found in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could craft specific hostnames that when processed by the matchpattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...
CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
A flaw was found in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could craft specific hostnames that when processed by the matchpattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...
EUVD-2026-12762
A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources...
CVE-2026-4366
A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources...
CVE-2026-4366 Keycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloak
A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources...
CVE-2026-4366
A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources...
PT-2026-26028
A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources...
Keycloak 代码问题漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has code-related vulnerabilities; these vulnerabilities stem from improper handling of client configuration requests through HTTP redirection, which may lead to information leaks and internal...
Information Disclosure
Apache ZooKeeper is vulnerable to Information Disclosure. The vulnerability is due to improper handling of configuration values in ZKConfig, where sensitive client configuration data may be logged at INFO level in the client logfile, potentially exposing confidential information...
BIT-ZOOKEEPER-2026-24308 Apache ZooKeeper: Sensitive information disclosure in client configuration handling
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...
Linux Distros Unpatched Vulnerability : CVE-2026-24308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information...
CVE-2026-24308
A flaw was found in Apache ZooKeeper. Improper handling of configuration values in ZKConfig allows an attacker to expose sensitive information. This occurs when sensitive client configuration values are logged at an INFO level in the client's logfile. This vulnerability can lead to information...
DEBIAN-CVE-2026-24308
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...
CVE-2026-24308
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...