Lucene search
K

237 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-59882

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...

4.2CVSS0.00186EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 6 days ago4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References8
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-59882 guzzlehttp/psr7: Host Confusion via Weak URI Host Validation

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...

4.2CVSS0.00186EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42319

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...

4.2CVSS6AI score0.00186EPSS
Exploits0References4
CVE
CVE
added 6 days ago9 views

CVE-2026-59882

The CVE affects guzzlehttp/psr7 (PSR-7 HTTP message library for PHP). Prior to version 2.12.3, Uri::assertValidHost() fails to reject authority delimiters, embedded ports, or malformed IPv6 brackets in host components, causing Uri::getHost() to disagree with the URI authority used for security or...

4.2CVSS6AI score0.00186EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added last week5 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS6AI score0.00728EPSS
Exploits0References8
NVD
NVD
added 2026/07/06 8:16 p.m.7 views

CVE-2026-50134

Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate intermediate URLs on HTTP 3xx redirects. An allowed server or an attacker controlling its DNS or response could therefore redirect t...

6.3CVSS0.00249EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/03 6:18 a.m.51 views

CVE-2026-9547 SSH improper host validation

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

0.00508EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/07/01 11:30 a.m.4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/30 8:27 p.m.6 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/30 3:52 p.m.33 views

CVE-2026-58169 Vibe-Trading < 0.1.10 - Loopback Trust and Missing Host Validation Enable DNS-Rebinding Authentication Bypass and Remote Code Execution

Vibe-Trading before 0.1.10 contains a DNS rebinding authentication bypass vulnerability that allows remote attackers to bypass bearer-token authentication by exploiting the server's trust of TCP peer addresses for loopback clients combined with missing Host header validation while binding to...

7.7CVSS0.00286EPSS
Exploits0References7
CVE
CVE
added 2026/06/30 3:52 p.m.20 views

CVE-2026-58169

CVE-2026-58169 — Vibe-Trading

7.7CVSS6.4AI score0.00286EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/26 10:50 p.m.7 views

ex_aws_sns: Trusted-attacker `SigningCertURL` permits complete SNS signature bypass

Summary ExAws.SNS.verifymessage/1 fetches the signing certificate from the SigningCertURL field of the incoming SNS message without validating that the URL uses HTTPS or that its host is an AWS-owned SNS certificate domain. An unauthenticated attacker who can POST to any endpoint that calls...

8.7CVSS6AI score0.00226EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.22 views

libcurl 7.69.0 < 8.21.0 SSH Improper Host Validation

The version of libcurl installed on the remote host is 7.69.0 prior to 8.21.0. It is, therefore, affected by an improper host validation vulnerability: - When a libcurl-based application performs transfers via SCP or SFTP and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an...

7.4CVSS6AI score0.00508EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.13 views

Curl 7.81.0 < 8.21.0 Proto-Default Skips SSH Verification

The version of curl installed on the remote host is 7.81.0 prior to 8.21.0. It is, therefore, affected by an improper host validation vulnerability: - When a user invokes curl using a schemeless URL combined with --proto-default sftp, a disconnect occurs that erroneously bypasses the initializati...

7.5CVSS6AI score0.00574EPSS
Exploits1References2
CVE
CVE
added 2026/06/25 10:29 p.m.16 views

CVE-2026-40080

The CVE CVE-2026-40080 affects Cacti (open source performance and fault management framework) up to version 1.2.30. The vulnerability is an Open Redirect: login flow uses $_SERVER['HTTP_REFERER'] when login_opts == '1' and checks the referer with a substring (str_contains($referer, CACTI_PATH_URL...

6.1CVSS5.8AI score0.00151EPSS
Exploits1References2Affected Software1
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.15 views

SSH improper host validation

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS5.9AI score0.00508EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2026/06/23 12:59 p.m.6 views

JLSEC-2026-623 Insufficient HTTP/2 pseudo-header and Host/:authority validation in HTTP.jl server

Description The HTTP/2 server's request validator passed only :method, :path, and :authority through a normalizer that rejects CR/LF/CTL but permits SP/HTAB and applies no host or token grammar. As a result a :method such as "GET /admin?x=" was accepted, :path could carry interior whitespace, and...

5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:33 p.m.3 views

CVE-2024-51454

IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/18 4:16 p.m.7 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS8.3AI score0.00728EPSS
Exploits0References8
Rows per page
Query Builder