Lucene search
+L

319 matches found

NVD
NVD
added 3 days ago5 views

CVE-2026-52842

Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string instead of only the authority component when computing a page origin, so a URL such as http://attacker.com/@victim.com/ was fetched from attacker.com but treated...

9.3CVSS0.00161EPSS
Exploits0References4
CVE
CVE
added 6 days ago22 views

CVE-2026-10666

CVE-2026-10666 affects Zephyr OS: parse_ipv4() in subsys/net/ip/utils.c used by net_ipaddr_parse() for inputs like "a.b.c.d:port" copies the port substring into a fixed 17-byte buffer without validating the length, using str_len (unbounded) and end (offset of ':'). This leads to an out-of-bounds ...

9.8CVSS6.2AI score0.00346EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-10666 Stack buffer overflow in `net_ipaddr_parse()` IPv4 address-with-port parsing in `subsys/net/ip/utils.c`

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

8.1CVSS0.00346EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/25 9:3 a.m.6 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/25 6:40 a.m.5 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.9AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/24 7:30 p.m.6 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/16 10:54 p.m.9 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS8.3AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/11 1:58 p.m.15 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.7AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/11 1:57 p.m.13 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.8AI score0.00728EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2026/06/08 12:0 a.m.4 views

The vulnerabilities of the functions ParseAddress(), ParseAddressList(), and ParseDate() in the Go programming language allow a hacker to cause a service failure.

The vulnerability of the ParseAddress, ParseAddressList, and ParseDate functions in the Go programming language is related to the distribution of resources without any restrictions or regulations. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8CVSS5.8AI score0.00784EPSS
Exploits0References6Affected Software2
Amazon
Amazon
added 2026/06/08 12:0 a.m.21 views

Important: ecs-init

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.8AI score0.00813EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.12 views

EulerOS Virtualization 2.13.0 : libpcap (EulerOS-SA-2026-2173)

According to the versions of the libpcap package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8...

1.9CVSS5.5AI score0.00102EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.14 views

CVE-2026-42499

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322...

7.5CVSS5.4AI score0.00798EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/03 7:3 p.m.14 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.15 views

CVE-2026-46526

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validateurl to validate the input URL. The...

5CVSS5.8AI score0.00247EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 5:58 p.m.11 views

CVE-2026-46526 Local Deep Research: SSRF bypass in `safe_get`

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validateurl to validate the input URL. The...

5CVSS5.8AI score0.00247EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/28 5:58 p.m.11 views

CVE-2026-46526

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validateurl to validate the input URL. The...

5CVSS5.8AI score0.00247EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/05/26 4:13 p.m.33 views

CVE-2026-44502 Bugsink: SSRF bypass in `validate_webhook_url`

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...

4.3CVSS0.00286EPSS
Exploits0References3
Amazon
Amazon
added 2026/05/26 12:0 a.m.24 views

Important: libcap

Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...

7.5CVSS7.2AI score0.00813EPSS
Exploits0
Amazon
Amazon
added 2026/05/26 12:0 a.m.25 views

Important: cni-plugins

Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...

7.5CVSS7.2AI score0.00813EPSS
Exploits0
Rows per page
Query Builder