Lucene search
K

9 matches found

Cvelist
Cvelist
added 2026/06/19 7:23 p.m.18 views

CVE-2026-49345 Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery SSRF vulnerability exists in Mercator's CVE configuration panel /admin/config/parameters. The testProvider method in ConfigurationController passes...

5.3CVSS0.0054EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 7:23 p.m.16 views

CVE-2026-49345

CVE-2026-49345 affects Mercator before 2025.05.19. The SSRF flaw resides in the CVE configuration panel (/admin/config/parameters) where ConfigurationController.testProvider() passes user input directly to curl_init() without validating scheme/host/IP. An authenticated user with configure permiss...

5.3CVSS6.1AI score0.0054EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 1:12 p.m.8 views

JLSEC-2026-398

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...

8.1CVSS6.9AI score0.02927EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.4 views

Siemens SIMATIC S7-1500 Double Free (CVE-2022-42915)

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...

8.1CVSS6.9AI score0.02927EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2025/06/11 1:15 a.m.4 views

CVE-2025-49091

KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code...

8.2CVSS8.6AI score0.00551EPSS
Exploits0References7
OSV
OSV
added 2022/10/29 8:15 p.m.3 views

ALPINE-CVE-2022-42915

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...

8.1CVSS7.3AI score0.02927EPSS
Exploits0References1
OSV
OSV
added 2022/10/29 8:15 p.m.5 views

AZL-11368 CVE-2022-42915 affecting package curl for versions less than 7.86.0-1

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...

8.1CVSS6.8AI score0.02927EPSS
Exploits0References1
Saint
Saint
added 2009/08/12 12:0 a.m.40 views

Windows Telnet credential reflection

Added: 08/12/2009 CVE: CVE-2009-1930 BID: 35993 OSVDB: 56904 Background Microsoft Windows operating systems come with a telnet service. This service prompts a user to provide a login name and password. Following successful authentication, the server displays a shell prompt, allowing the user to r...

10CVSS9.7AI score0.41388EPSS
Exploits5
Saint
Saint
added 2009/08/12 12:0 a.m.40 views

Windows Telnet credential reflection

Added: 08/12/2009 CVE: CVE-2009-1930 BID: 35993 OSVDB: 56904 Background Microsoft Windows operating systems come with a telnet service. This service prompts a user to provide a login name and password. Following successful authentication, the server displays a shell prompt, allowing the user to r...

10CVSS6.5AI score0.41388EPSS
Exploits5
Rows per page
Query Builder