Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2026/05/27 7:59 p.m.10 views

CVE-2026-48064 pam_usb: PAM_RHOST check skipped when deny_remote=false allows XDMCP authentication bypass

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with denyremote=false in pamusb commonly done for display managers such as gdm-password or lightdm to bypass process/TTY heuristics for local sessions, the PAMRHOST...

8.1CVSS5.8AI score0.00342EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 7:16 p.m.17 views

CVE-2026-41905

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...

7.7CVSS0.00209EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:31 p.m.6 views

CVE-2022-24969

bypass CVE-2021-25640 In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability...

6.1CVSS6.7AI score0.02073EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:26 p.m.9 views

CVE-2021-25640

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability...

6.1CVSS6.7AI score0.02073EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/09/13 9:48 a.m.4 views

nodejs: DNS rebinding in --inspect via invalid IP addresses

A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided for instance, 10.0.2.555 is provided, browsers such as Firefox will make DNS requests ...

8.1CVSS7.7AI score0.05614EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/09/08 7:45 a.m.5 views

nodejs: DNS rebinding in --inspect via invalid IP addresses

A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided for instance, 10.0.2.555 is provided, browsers such as Firefox will make DNS requests ...

8.1CVSS7.7AI score0.05614EPSS
Exploits0References5
OSV
OSV
added 2022/07/14 3:15 p.m.3 views

UBUNTU-CVE-2022-32212

A OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks...

8.1CVSS6.8AI score0.05614EPSS
Exploits0References6
Rows per page
Query Builder