
4 matches found

Cvelist
added 2026/03/06 4:35 a.m., 34 views

CVE-2026-28681 IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. From version 4.4.0 to before version 4.4.5 and from version 4.5.0 to before version 4.5.1, an attacker can manipulate the HTTP Host header on a password reset or account creation...

CVSS 8.1 | EPSS 0.00427
Exploits: 0 | References: 5
OSV
added 2026/03/06 4:35 a.m., 6 views

CVE-2026-28681 IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. From version 4.4.0 to before version 4.4.5 and from version 4.5.0 to before version 4.5.1, an attacker can manipulate the HTTP Host header on a password reset or account creation...

CVSS 8.1 | AI score 5.7 | EPSS 0.00427
Exploits: 0 | References: 7
PyPA
added 2022/03/31 11:15 p.m., 7 views

PYSEC-2022-178

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perfo...

CVSS 7.5 | AI score 7 | EPSS 0.01366
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2022/03/31 11:5 p.m., 107 views

CVE-2022-24798

CVE-2022-24798 affects Internet Routing Registry daemon (IRRd) v4 where password hashes could be exposed in query responses for mntner objects and database exports. Root cause: insufficient filtering of password hashes in IRRd’s output. Affected products/versions: IRRd 4.2.x (mirrors not affected...

CVSS 7.5 | AI score 7.7 | EPSS 0.01366
Exploits: 0 | References: 3 | Affected Software: 1