132 matches found
Security Bulletin: The Apache Log4J 2 package that is shipped with IBM ApplinX is vulnerable to multiple vulnerabilities (CVE-2026-34480, CVE-2026-34477, CVE-2026-34478, CVE-2026-34479).
Summary The Apache Log4J 2 package that is shipped with IBM ApplinX is vulnerable to an Improper Encoding or Escaping of Output vulnerability, an Improper Validation of Certificate with Host Mismatch vulnerability and an Improper Output Neutralization for Logs vulnerability CVE-2026-34480,...
CVE-2026-48998 guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker can provide a malformed Host header containing U...
EUVD-2024-54938
Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows HTTP Response Splitting. This issue affects QR Menü: from s1.05.05 before v1.05.12...
CVE-2026-43869
A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This...
CVE-2026-44502
Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...
CVE-2026-44502
Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...
Astra Linux - уязвимость в apache-log4j2
Improper validation of certificates with host mismatches in the Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack, thereby leaking any log messages sent through that appender. This issue has been fixed in Apache Log4j 2.12.3 and 2.13....
EUVD-2026-27237
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
GHSA-7PWC-H2J2-RJGJ Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
CVE-2026-43869
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
CVE-2026-43869
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
UBUNTU-CVE-2026-43869
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
CVE-2026-43869
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
CVE-2026-43869
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
CVE-2026-43869
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
PT-2026-36985
Name of the Vulnerable Software and Affected Versions Apache Thrift versions prior to 0.23.0 Description Improper validation of certificates with host mismatch occurs in Apache Thrift. Recommendations Upgrade to version 0.23.0...
JLSEC-2026-389
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...
SUSE CVE-2026-41603
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...