Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/06/10 8:21 p.m.8 views

CVE-2026-46705 russh server userauth state is not reset when authentication principal changes

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user nam...

5.3CVSS5.4AI score0.00218EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/05/22 3:13 a.m.7 views

curl: CVE-2026-9546: sending old referer

Summary: libcurl documents that CURLOPTREFERER can be set to NULL to disable the Referer header again, but doing so after a transfer does not clear the cached per-handle referer state. As a result, the next HTTP request on the same easy handle can still send the previous request's Referer: value ...

7.5CVSS5.9AI score0.00206EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2021-25122

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request heade...

7.5CVSS6.7AI score0.18114EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-45286

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same...

5.9CVSS6.2AI score0.00728EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/03/23 8:15 p.m.7 views

CVE-2022-0981

A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended...

8.8CVSS7.6AI score0.0115EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2020/09/07 12:58 p.m.4 views

Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests

A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
Rows per page
Query Builder