9 matches found
CVE-2026-49345 Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)
Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery SSRF vulnerability exists in Mercator's CVE configuration panel /admin/config/parameters. The testProvider method in ConfigurationController passes...
CVE-2026-49345
CVE-2026-49345 affects Mercator before 2025.05.19. The SSRF flaw resides in the CVE configuration panel (/admin/config/parameters) where ConfigurationController.testProvider() passes user input directly to curl_init() without validating scheme/host/IP. An authenticated user with configure permiss...
JLSEC-2026-398
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...
Siemens SIMATIC S7-1500 Double Free (CVE-2022-42915)
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...
CVE-2025-49091
KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code...
ALPINE-CVE-2022-42915
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...
AZL-11368 CVE-2022-42915 affecting package curl for versions less than 7.86.0-1
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...
Windows Telnet credential reflection
Added: 08/12/2009 CVE: CVE-2009-1930 BID: 35993 OSVDB: 56904 Background Microsoft Windows operating systems come with a telnet service. This service prompts a user to provide a login name and password. Following successful authentication, the server displays a shell prompt, allowing the user to r...
Windows Telnet credential reflection
Added: 08/12/2009 CVE: CVE-2009-1930 BID: 35993 OSVDB: 56904 Background Microsoft Windows operating systems come with a telnet service. This service prompts a user to provide a login name and password. Following successful authentication, the server displays a shell prompt, allowing the user to r...