OWASP Core Rule Set Multipart Request Processing Vulnerability in Rule 922110

Why this matters
In affected versions of the OWASP Core Rule Set (CRS), rule 922110 keeps only the last Content-Type charset it encounters when inspecting multipart requests. An attacker can therefore smuggle a malicious charset (e.g. utf-7) into an earlier part and overwrite it with a benign value later in the request, bypassing the intended WAF protection and allowing harmful payloads to pass undetected.
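As an added illustration (this is not CRS code and does not reproduce the actual logic of rule 922110), the Python below contrasts the "last charset wins" evaluation described above with a check that inspects every part. The sample multipart body, the boundary string, the allow-list `ALLOWED_CHARSETS` and the function names are constructed assumptions for the demonstration.

```python
"""Illustration of why evaluating only the final multipart charset is unsafe.

Hypothetical names and data; nothing here is taken from the CRS project.
"""
import re

# Hypothetical operator allow-list of charsets a WAF would accept.
ALLOWED_CHARSETS = {"utf-8", "us-ascii", "iso-8859-1"}

# Extracts the charset parameter from a Content-Type header value.
_CHARSET_RE = re.compile(r'charset\s*=\s*"?([A-Za-z0-9._-]+)"?', re.IGNORECASE)


def part_charsets(body: bytes, boundary: str) -> list:
    """Return the charset declared by each part's Content-Type header, in order."""
    delim = ("--" + boundary).encode()
    charsets = []
    # Element 0 of the split is the preamble before the first delimiter.
    for chunk in body.split(delim)[1:]:
        if chunk.startswith(b"--"):  # closing delimiter "--boundary--"
            break
        head, _, _ = chunk.partition(b"\r\n\r\n")  # part headers end at a blank line
        for line in head.split(b"\r\n"):
            if line.lower().startswith(b"content-type:"):
                match = _CHARSET_RE.search(line.decode("latin-1"))
                if match:
                    charsets.append(match.group(1).lower())
    return charsets


def last_charset_wins(body: bytes, boundary: str) -> bool:
    """Flawed evaluation: only the last charset seen is judged. True means 'block'."""
    charsets = part_charsets(body, boundary)
    last = charsets[-1] if charsets else None
    return last is not None and last not in ALLOWED_CHARSETS


def any_charset_disallowed(body: bytes, boundary: str) -> bool:
    """Hardened evaluation: every part's charset must be allowed. True means 'block'."""
    return any(c not in ALLOWED_CHARSETS for c in part_charsets(body, boundary))


# Constructed sample body: a disallowed charset in the first part, a benign
# charset in the last part, mirroring the ordering the advisory describes.
BOUNDARY = "xyz"
SAMPLE_BODY = (
    b"--xyz\r\n"
    b'Content-Disposition: form-data; name="a"\r\n'
    b"Content-Type: text/plain; charset=utf-7\r\n"
    b"\r\n"
    b"first\r\n"
    b"--xyz\r\n"
    b'Content-Disposition: form-data; name="b"\r\n'
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"\r\n"
    b"second\r\n"
    b"--xyz--\r\n"
)

if __name__ == "__main__":
    print("charsets seen:", part_charsets(SAMPLE_BODY, BOUNDARY))
    print("last-wins blocks request:", last_charset_wins(SAMPLE_BODY, BOUNDARY))
    print("per-part check blocks request:", any_charset_disallowed(SAMPLE_BODY, BOUNDARY))
```

Running it shows the last-wins evaluation letting the request through because the final part declares utf-8, while the per-part check flags the utf-7 declared in the earlier part. The defensive takeaway is that any charset decision for a multipart body must be made over the set of all declared charsets, not over whichever one happens to be parsed last.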
Recommended actions

Affected products & versions

References