Lucene search
K

724 matches found

Cvelist
Cvelist
added yesterday15 views

CVE-2026-46644 symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence

Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload is empty or decodes to ASCII-only code points because Idn::process does not enforce the UTS 46...

6.9CVSS0.00137EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 6 days ago5 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6AI score0.00478EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/07 10:2 a.m.11 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.6AI score0.00478EPSS
Exploits0References8
OSV
OSV
added 2026/07/06 12:0 a.m.5 views

ALSA-2026:35830 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-39821 For more details about the security issue...

9.6CVSS6.6AI score0.00478EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 2:38 p.m.23 views

CVE-2026-27956

Affected product: Coolify (open-source self-hostable tool). Vulnerability: Cross-team domain enumeration via the endpoint GET /api/v1/servers/{server_uuid}/domains?uuid={app_uuid} allows any authenticated API user to enumerate FQDNs of applications belonging to other teams. Root cause (as stated)...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 8:17 p.m.8 views

CVE-2026-10592

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS0.00124EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 7:16 p.m.9 views

CVE-2026-46606

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen...

7.8CVSS0.00213EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:2 p.m.4 views

CVE-2026-46606 Glances: Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen...

7.8CVSS6.2AI score0.00213EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/22 9:14 p.m.12 views

Glances is Vulnerable to Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py

Summary The Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen. securepopen is explicitly designed to interpret &&, |, and as shell operators...

7.8CVSS6.6AI score0.00213EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/22 9:9 a.m.2 views

SUSE-SU-2026:22242-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers bsc1236533. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...

10CVSS7AI score0.91969EPSS
Exploits3References37
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-45409

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA...

6.9CVSS6.2AI score0.00408EPSS
Exploits0References4
NVD
NVD
added 2026/06/05 11:16 p.m.12 views

CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS0.00408EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 11:16 p.m.13 views

PYSEC-2026-215

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

5.3CVSS6.1AI score0.00408EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 11:16 p.m.7 views

DEBIAN-CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

5.3CVSS6.3AI score0.00408EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 11:16 p.m.9 views

UBUNTU-CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS5.4AI score0.00408EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/05 10:6 p.m.35 views

CVE-2026-45409 Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS0.00408EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 10:6 p.m.11 views

CVE-2026-45409 Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS5.4AI score0.00408EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 10:6 p.m.46 views

CVE-2026-45409

CVE-2026-45409 affects Python’s IDNA handling (idna.encode) in Python-idna. A specially crafted input could cause heavy resource consumption and potential DoS. The issue mirrors CVE-2024-3651; fixes were extended in 3.14–3.15 to reject long inputs earlier and more broadly (per-label conversions a...

6.9CVSS6.3AI score0.00408EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/06/05 10:6 p.m.13 views

CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS6.3AI score0.00408EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-40622

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a ghost...

8.7CVSS5.4AI score0.00171EPSS
Exploits0References1
Rows per page
Query Builder