183 matches found
PT-2025-34298 · Liferay · Liferay Dxp
Name of the Vulnerable Software and Affected Versions: Liferay DXP versions 2025.Q2.0 through 2025.Q2.3 Description: A server-side request forgery SSRF vulnerability exists due to insecure domain validation on analytics.cloud.domain.allowed. This allows an attacker to perform requests by changing...
Linux Distros Unpatched Vulnerability : CVE-2022-25276
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain...
CVE-2025-51471
A domain validation flaw has been discovered in Ollama. In instances where a user attempts to download a model, but where the server responds with an http 401 error code, Ollama follows the WWW-Authenticate header's realm URL without validating if it belongs to the same domain as the original...
CVE-2025-53709
Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...
CVE-2025-53709
Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...
PT-2025-29134 · Unknown · Secure-Upload
Name of the Vulnerable Software and Affected Versions: Secure-upload versions prior to 0.815.0 Description: Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service was installed on a limited number of environments. Privileged...
libsoup: Cookie domain validation bypass via uppercase characters in libsoup
A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...
Improper Domain Validation
org.apache.httpcomponents.client5, httpclient5 is vulnerable to improper domain validation. The vulnerability is due to disabled domain checks where a bug in the PSL validation logic, affecting cookie management and host name verification, which allows an attacker to perform cookie injection or...
Improper Handling of Case Sensitivity
Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to improper handling of uppercase characters in domain names during cookie domain validation. An attacker can bypass domain validation restrictions and set cookies for domains they do not contro...
CVE-2025-4035 Libsoup: cookie domain validation bypass via uppercase characters in libsoup
A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...
CVE-2025-4035 Libsoup: cookie domain validation bypass via uppercase characters in libsoup
A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...
libsoup 安全漏洞
libsoup is a GNOME HTTP client/server library from the GNOME Project. A security vulnerability exists in libsoup that stems from bypassing cookie domain validation via capitalized characters...
CVE-2025-43918
SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does not otherwise establish administrative control of that...
CVE-2025-27820 Apache HttpComponents: PSL (Public Suffix List) validation bypass
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...
CVE-2025-43918
SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does not otherwise establish administrative control of that...
CVE-2025-43918
SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does not otherwise establish administrative control of that...
CVE-2025-43918
SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does not otherwise establish administrative control of that...
PT-2025-17396 · Ssl.Com · Ssl.Com
Name of the Vulnerable Software and Affected Versions: SSL.com versions prior to 2025-04-19 Description: The issue arises when domain validation method 3.2.2.4.14 is used, allowing a trusted TLS certificate to be issued for the domain name of a requester's email address, even if the requester doe...
CVE-2025-43918
CVE-2025-43918 describes a vulnerability in SSL.com prior to 2025-04-19 where the domain validation method 3.2.2.4.14 can cause certificate requests to be processed in a way that allows a trusted TLS certificate to be issued for the requester’s email-domain name, even if the requester lacks admin...
Security update for python311
This update for python311 fixes the following issues: Skip PGO with %wantreproduciblebuilds bsc1239210 CVE-2025-0938: Disallows square brackets and in domain names for parsed URLs bsc1236705. Configure externallymanaged with a bcond bsc1228165. Update to 3.11.11: Tools/Demos gh-123418: Update...