Lucene search
+L

8 matches found

OSV
OSV
added 2026/07/06 8:16 p.m.4 views

DEBIAN-CVE-2026-58404

Hugo is a static site generator. From v0.162.0 through v0.163.0, the default security.http.urls policy denies requests to loopback, internal, and cloud-metadata IPv4 literals, but the deny rule only matched dotted-decimal notation, so alternate IPv4 encodings of the same addresses, including...

6.8CVSS5.8AI score0.00208EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:16 p.m.5 views

CVE-2026-58404

Hugo is a static site generator. From v0.162.0 through v0.163.0, the default security.http.urls policy denies requests to loopback, internal, and cloud-metadata IPv4 literals, but the deny rule only matched dotted-decimal notation, so alternate IPv4 encodings of the same addresses, including...

4.6CVSS5.8AI score0.00208EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/06 7:16 p.m.13 views

CVE-2026-58404

Hugo: From v0.162.0 to v0.163.0, the default security.http.urls policy blocked loopback/internal/cloud-metadata IPv4 literals, but the deny rule only matched dotted-decimal notation. Consequently, alternate IPv4 encodings (integer, hex, octal) could resolve to blocked addresses when a template pa...

6.8CVSS5.8AI score0.00208EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-45049

Name of the Vulnerable Software and Affected Versions PraisonAI affected versions not specified Description URL validation in the spider tools component can be bypassed using alternate loopback host encodings, leading to Server-Side Request Forgery SSRF. The validate url function only blocks a...

5.5CVSS6.1AI score0.00014EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2020/10/26 9:12 p.m.6 views

OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

4.3CVSS7.1AI score0.02272EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/10/26 8:32 p.m.6 views

OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

4.3CVSS7.1AI score0.02272EPSS
Exploits0References4
Veracode
Veracode
added 2020/10/23 8:58 a.m.54 views

Certificate Blacklist Bypass

OpenJDK is vulnerable to certificate blacklist bypass. The vulnerability exists through the alternate certificate encodings...

3.7CVSS2.8AI score0.02272EPSS
Exploits0References8Affected Software5
RedHat Linux
RedHat Linux
added 2020/10/22 7:41 p.m.5 views

OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

4.3CVSS7.1AI score0.02272EPSS
Exploits0References4
Rows per page
Query Builder