Lucene search
+L

11 matches found

Microsoft CVE
Microsoft CVE
added 2026/05/31 8:1 a.m.11 views

nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification

...

8.1CVSS5.4AI score0.00338EPSS
Exploits0
NVD
NVD
added 2026/05/22 5:16 p.m.23 views

CVE-2026-34207

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, SSRF protection for Webhook / HTTP Request blocks validates only the URL string, blocked hostname literals, and literal IP formats. It does not resolve DNS before allowing the request. As a result, a hostname such as ssrf-repro.examp...

7.6CVSS0.00239EPSS
Exploits2References3
Ubuntu
Ubuntu
added 2026/05/20 12:41 p.m.13 views

USN-8283-1: rsync vulnerabilities

Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with read access to an rsync server could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.1...

8.1CVSS5.9AI score0.0078EPSS
Exploits1
NVD
NVD
added 2026/03/26 9:17 p.m.5 views

CVE-2026-33644

Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in PhotoUrlRule.php can be bypassed using DNS rebinding. The IP validation check line 86-89 only activates when the hostname is an IP address. When a domain name is used, filtervar$host,...

4.3CVSS0.00217EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.15 views

Harden-Runner 安全漏洞

Harden-Runner is a program open source by StepSecurity. It provides network exit filtering and runtime security for both GitHub-hosted and self-hosted runners. Harden-Runner versions 2.15.1 and earlier contained security vulnerabilities, which stemmed from an exploit that allowed DNS queries to...

4.6CVSS5.8AI score0.00253EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/20 11:8 p.m.10 views

CVE-2025-7395

A certificate verification error in wolfSSL when building with the WOLFSSLSYSCACERTS and WOLFSSLAPPLENATIVECERTVALIDATION options results in the wolfSSL client failing to properly verify the server certificate's domain name, allowing any certificate issued by a trusted CA to be accepted regardles...

9.2CVSS6.4AI score0.00222EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/18 10:15 p.m.18 views

CVE-2025-7395 Domain Name Validation Bypass with Apple Native Certificate Validation

A certificate verification error in wolfSSL when building with the WOLFSSLSYSCACERTS and WOLFSSLAPPLENATIVECERTVALIDATION options results in the wolfSSL client failing to properly verify the server certificate's domain name, allowing any certificate issued by a trusted CA to be accepted regardles...

9.2CVSS0.00222EPSS
Exploits0References1
CVE
CVE
added 2025/07/18 10:15 p.m.41 views

CVE-2025-7395

wolfSSL contains a certificate verification bypass when built with WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION, causing the client to fail to properly verify the server hostname and accept any certificate issued by a trusted CA. The CVE-2025-7395 entries from NVD, Debian, Alpine...

9.2CVSS6.5AI score0.00222EPSS
Exploits0References1
OSV
OSV
added 2022/11/04 11:4 a.m.4 views

OESA-2022-2041 curl security update

CURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to th...

9.8CVSS7.2AI score0.04325EPSS
Exploits1References4
CNVD
CNVD
added 2017/07/13 12:0 a.m.6 views

PHP Security Bypass Vulnerability (CNVD-2017-23336)

PHP PHP: HypertextPreprocessor is an open source general-purpose computer scripting language maintained by the PHPGroup and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and program extensions in C and C++. A security vulnerability...

7.5CVSS7.9AI score0.01908EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2006/03/19 12:0 a.m.7 views

PT-2006-2269 · Glftpd · Glftpd

Name of the Vulnerable Software and Affected Versions: glFTPd versions prior to 2.01 RC5 Description: The issue allows remote attackers to bypass IP checks by using a crafted DNS hostname. This could potentially include a hostname that appears to be an IP address. Recommendations: For versions...

7.5CVSS6.6AI score0.01548EPSS
Exploits0References4
Rows per page
Query Builder