Lucene search
K

183 matches found

Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.6 views

PT-2025-34298 · Liferay · Liferay Dxp

Name of the Vulnerable Software and Affected Versions: Liferay DXP versions 2025.Q2.0 through 2025.Q2.3 Description: A server-side request forgery SSRF vulnerability exists due to insecure domain validation on analytics.cloud.domain.allowed. This allows an attacker to perform requests by changing...

4.8CVSS6.5AI score0.00199EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-25276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain...

6.1CVSS6.1AI score0.00526EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/22 7:44 p.m.7 views

CVE-2025-51471

A domain validation flaw has been discovered in Ollama. In instances where a user attempts to download a model, but where the server responds with an http 401 error code, Ollama follows the WWW-Authenticate header's realm URL without validating if it belongs to the same domain as the original...

6.9CVSS7.2AI score0.03837EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/07/12 7:24 p.m.10 views

CVE-2025-53709

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...

5.4CVSS7.3AI score0.00166EPSS
Exploits0References1
NVD
NVD
added 2025/07/10 7:15 p.m.30 views

CVE-2025-53709

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...

5.4CVSS0.00166EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.9 views

PT-2025-29134 · Unknown · Secure-Upload

Name of the Vulnerable Software and Affected Versions: Secure-upload versions prior to 0.815.0 Description: Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service was installed on a limited number of environments. Privileged...

5.4CVSS6.4AI score0.00166EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/05/26 7:1 a.m.32 views

libsoup: Cookie domain validation bypass via uppercase characters in libsoup

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

4.3CVSS5.7AI score0.00348EPSS
Exploits0References5
Veracode
Veracode
added 2025/05/05 2:16 a.m.10 views

Improper Domain Validation

org.apache.httpcomponents.client5, httpclient5 is vulnerable to improper domain validation. The vulnerability is due to disabled domain checks where a bug in the PSL validation logic, affecting cookie management and host name verification, which allows an attacker to perform cookie injection or...

7.5CVSS7.4AI score0.00745EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2025/04/29 1:42 p.m.3 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to improper handling of uppercase characters in domain names during cookie domain validation. An attacker can bypass domain validation restrictions and set cookies for domains they do not contro...

5.3CVSS5.8AI score0.00348EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/29 12:56 p.m.28 views

CVE-2025-4035 Libsoup: cookie domain validation bypass via uppercase characters in libsoup

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

4.3CVSS0.00348EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/04/29 12:56 p.m.6 views

CVE-2025-4035 Libsoup: cookie domain validation bypass via uppercase characters in libsoup

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

4.3CVSS4.5AI score0.00348EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/28 12:0 a.m.5 views

libsoup 安全漏洞

libsoup is a GNOME HTTP client/server library from the GNOME Project. A security vulnerability exists in libsoup that stems from bypassing cookie domain validation via capitalized characters...

4.3CVSS4.8AI score0.00348EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/04/26 1:20 a.m.17 views

CVE-2025-43918

SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does not otherwise establish administrative control of that...

6.4CVSS7AI score0.00089EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/24 11:44 a.m.56 views

CVE-2025-27820 Apache HttpComponents: PSL (Public Suffix List) validation bypass

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...

0.00745EPSS
Exploits0References4
NVD
NVD
added 2025/04/19 10:15 p.m.20 views

CVE-2025-43918

SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does not otherwise establish administrative control of that...

6.4CVSS0.00089EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/19 12:0 a.m.6 views

CVE-2025-43918

SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does not otherwise establish administrative control of that...

6.4CVSS6.5AI score0.00089EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/19 12:0 a.m.12 views

CVE-2025-43918

SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does not otherwise establish administrative control of that...

6.4CVSS0.00089EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/19 12:0 a.m.4 views

PT-2025-17396 · Ssl.Com · Ssl.Com

Name of the Vulnerable Software and Affected Versions: SSL.com versions prior to 2025-04-19 Description: The issue arises when domain validation method 3.2.2.4.14 is used, allowing a trusted TLS certificate to be issued for the domain name of a requester's email address, even if the requester doe...

6.4CVSS6.5AI score0.00089EPSS
Exploits0References8
CVE
CVE
added 2025/04/19 12:0 a.m.72 views

CVE-2025-43918

CVE-2025-43918 describes a vulnerability in SSL.com prior to 2025-04-19 where the domain validation method 3.2.2.4.14 can cause certificate requests to be processed in a way that allows a trusted TLS certificate to be issued for the requester’s email-domain name, even if the requester lacks admin...

6.4CVSS7AI score0.00089EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2025/03/19 11:45 a.m.12 views

Security update for python311

This update for python311 fixes the following issues: Skip PGO with %wantreproduciblebuilds bsc1239210 CVE-2025-0938: Disallows square brackets and in domain names for parsed URLs bsc1236705. Configure externallymanaged with a bcond bsc1228165. Update to 3.11.11: Tools/Demos gh-123418: Update...

8.4CVSS10AI score0.34174EPSS
Exploits6References82
Rows per page
Query Builder