GNU Inetutils Telnetd Remote Authentication Bypass Vulnerability Volerion Risk Score: 8 Why this matters A flaw in GNU Inetutils telnetd (versions 1.9.3–2.7) lets a remote client bypass authentication entirely by sending the USER=-f root environment variable. Successful exploitation grants a shell running as root, enabling full system compromise without any credentials. Recommended actions Disable the telnetd service entirely whenever possible. If telnet access is required, configure a custom...

OWASP Core Rule Set Multipart Request Processing Vulnerability in Rule 922110 Volerion Risk Score: 7.4 Why this matters In affected versions of the OWASP Core Rule Set (CRS), rule 922110 keeps only the last Content-Type charset it encounters when inspecting multipart requests. An attacker can therefore smuggle a malicious charset (e.g. utf-7) into an earlier part and overwrite it with a benign value later in the request, bypassing the intended WAF protection and allowing harmful payloads to...

cpp-httplib CRLF Injection Vulnerability in Header Processing Allowing SSRF Volerion Risk Score: 7.7 Why this matters cpp-httplib versions ≤ 0.29.0 fail to sanitize carriage return and line feed characters in user-supplied header values. A remote attacker can inject additional headers, alter the HTTP request body, and leverage the issue for server-side request forgery (SSRF) against back-end systems that interpret pipelined requests. Recommended actions Upgrade to cpp-httplib 0.30.0 or later,...