689 matches found
Change Detection - Server Side Template Injection
A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. id: CVE-2024-32651 info: name: Change Detection - Server Side Template Injection author: edoardottt severity: critical description: | A Server...
CVE-2026-57221
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 operations, allowing any authenticated user who can connect to a virtual host to enumerate queue and...
CVE-2026-15146
A flaw was found in Wget. When operating in FTP passive mode, Wget fails to validate the IP address provided in an FTP PASV response. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this vulnerability to redirect Wget's data connection to an arbitrary IP addres...
CVE-2026-57221 RabbitMQ: Passive queue/exchange declaration bypasses authorization checks, leaking queue metadata to unprivileged users
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 operations, allowing any authenticated user who can connect to a virtual host to enumerate queue and...
CVE-2026-57221 RabbitMQ: Passive queue/exchange declaration bypasses authorization checks, leaking queue metadata to unprivileged users
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 operations, allowing any authenticated user who can connect to a virtual host to enumerate queue and...
CVE-2026-57221
RabbitMQ vulnerability CVE-2026-57221 affects passive queue.declare and exchange.declare operations in AMQP 0-9-1. Prior to versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6, authenticated users who can connect to a virtual host could enumerate queue and exchange names and read queue message and consum...
CVE-2026-15146
GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...
CVE-2026-15146 CVE-2026-15146
GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...
EUVD-2026-42980
GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...
CVE-2026-15146
GNU Wget is vulnerable in FTP passive mode due to not validating the IP address in the PASV response, enabling potential SSRF to localhost/internal resources via a malicious FTP/redirected HTTP server. The issue is addressed in the 4f85853f... commit, which validates the PASV address against the ...
PT-2026-57306
Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 3.13.15 RabbitMQ versions prior to 4.0.20 RabbitMQ versions prior to 4.1.11 RabbitMQ versions prior to 4.2.6 Description RabbitMQ fails to perform authorization checks on passive queue.declare and exchange.declare AM...
EUVD-2026-42317
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...
CVE-2026-42505 Invoking Encrypted Client Hello privacy leak in crypto/tls
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...
PT-2026-56479
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Handshakes using Encrypted Client Hello ECH, a mechanism designed to encrypt the initial handshake of a TLS connection to protect client privacy, could be...
CVE-2026-57082
The CVE-2026-57082 issue affects Net::BitTorrent for Perl (up to version 2.0.1). The MSE handshake derives its 160-bit Diffie-Hellman private key from Perl’s rand(), a non-cryptographic PRNG seeded once per process, via KeyExchange.pm. As a result, the shared secret and the RC4 keys (SHA-1("keyA"...
EUVD-2026-40291
Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...
CVE-2026-57082
Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...
CVE-2026-57082 Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG
Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...
VMware vCenter Server - Out-of-Bounds Write
vCenter Server contains an out-of-bounds write caused by a vulnerability in the DCERPC protocol implementation. A malicious actor with network access can trigger remote code execution on vCenter Server. id: CVE-2023-34048 info: name: VMware vCenter Server - Out-of-Bounds Write author: ritikchaddh...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: Added an seqadj extension for natted connections. Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. This is due to the need to rewrite the packet payload IP, port on the ftp control...