16 matches found

OSV
added 2026/05/23 11:25 a.m. | 5 views

CLSA-2026-1779535502 unbound: Fix of CVE-2026-33278

CVE-2026-33278: possible remote code execution during DNSSEC validation via a dangling rrsets pointer in dnsmsgdeepcopyregion exposed by the backported KeyTrap mitigation...

CVSS 10 | AI score 6.4 | EPSS 0.01272
Exploits: 0 | References: 1

Tenable Nessus
added 2026/05/09 12:00 a.m. | 10 views

Unity Linux 20.1060e / 20.1070e Security Update: samba (UTSA-2026-017367)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017367 advisory. Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. Tenable has extracted the...

CVSS 7.5 | AI score 5.8 | EPSS 0.01105
Exploits: 1 | References: 4

Vulnrichment
added 2026/03/26 8:04 p.m. | 5 views

CVE-2026-33644 Lychee has SSRF bypass via DNS rebinding — PhotoUrlRule only validates IP addresses, not hostnames resolving to internal IPs

Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in PhotoUrlRule.php can be bypassed using DNS rebinding. The IP validation check line 86-89 only activates when the hostname is an IP address. When a domain name is used, filter_var($host,...

CVSS 2.3 | AI score 5.8 | EPSS 0.00217
Exploits: 1 | References: 2

EUVD
added 2025/11/24 1:47 p.m. | 4 views

EUVD-2025-198760

Malicious code in @ensdomains/ens-validation npm...

AI score 6.6
Exploits: 0 | References: 1

Veracode
added 2025/10/28 8:12 a.m. | 8 views

Improper Domain Name Validation

com.liferay.portal, com.liferay.portal.impl is vulnerable to an improper domain name validation. The vulnerability is due to incorrect identification of the subdomain in domain names, which can lead to the creation of a supercookie, allowing an attacker controlling a website with the same top-lev...

CVSS 7.5 | AI score 6.5 | EPSS 0.00375
Exploits: 0 | References: 3 | Affected Software: 2

EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2025-21936

Malicious code in bioql PyPI...

CVSS 9.2 | AI score 6.3 | EPSS 0.00222
Exploits: 0 | References: 1

Tenable Nessus
added 2025/09/24 12:00 a.m. | 3 views

SUSE SLES15 Security Update : sevctl (SUSE-SU-2025:03306-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03306-1 advisory. - CVE-2024-12224: idna: Fixed improper validation of unsafe equivalence in punycode. bsc#1243860 - CVE-2025-3416: openssl: Fixed...

CVSS 8.8 | AI score 5.3 | EPSS 0.00452
Exploits: 1 | References: 7

Microsoft CVE
added 2025/09/04 10:52 a.m. | 5 views

Domain Name Validation Bypass with Apple Native Certificate Validation

...

CVSS 9.2 | AI score 7 | EPSS 0.00222
Exploits: 0

Vulnrichment
added 2025/07/18 10:15 p.m. | 3 views

CVE-2025-7395 Domain Name Validation Bypass with Apple Native Certificate Validation

A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION options results in the wolfSSL client failing to properly verify the server certificate's domain name, allowing any certificate issued by a trusted CA to be accepted regardles...

CVSS 9.2 | AI score 6.2 | EPSS 0.00222
Exploits: 0 | References: 1

CNNVD
added 2025/04/19 12:00 a.m. | 2 views

SSL.com Security Vulnerability

SSL.com is a commercial certificate issuer program from SSL.com, Inc. A security vulnerability exists in versions of SSL.com prior to 2025-04-19, which stems from improper domain name validation and could result in the issuance of an incorrect certificate...

CVSS 6.4 | AI score 6.6 | EPSS 0.00089
Exploits: 0 | References: 2

OSV
added 2025/04/14 11:34 a.m. | 8 views

BIT-PYTHON-MIN-2025-0938 URL parser allowed square brackets in domain names

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

CVSS 6.3 | AI score 5.9 | EPSS 0.01499
Exploits: 0 | References: 12

Tenable Nessus
added 2025/02/17 12:00 a.m. | 8 views

SUSE SLED15: libpython3_6m1_0 / libpython3_6m1_0-32bit / python3 / python3-base / etc (SUSE-SU-2025:0554-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0554-1 advisory. - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse...

CVSS 6.3 | AI score 6.7 | EPSS 0.01499
Exploits: 0 | References: 4

OSV
added 2025/02/13 10:11 a.m. | 5 views

SUSE-SU-2025:0502-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc#1236705...

CVSS 6.3 | AI score 7.7 | EPSS 0.01499
Exploits: 0 | References: 3

OSV
added 2025/01/31 6:15 p.m. | 15 views

CVE-2025-0938

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

CVSS 6.3 | AI score 6.3
Exploits: 0 | References: 11

RedHat Linux
added 2024/03/27 3:12 p.m. | 5 views

bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator

Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...

CVSS 7.5 | AI score 6.7 | EPSS 0.99995
Exploits: 0 | References: 7

OSV
added 2024/02/26 1:52 p.m. | 3 views

USN-6657-1 dnsmasq vulnerabilities

Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Dnsmasq incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. CVE-2023-50387 It was discovered that...

CVSS 7.5 | AI score 6.8 | EPSS 0.99995
Exploits: 1 | References: 4