60 matches found
symfony/polyfill-intl-idn: xn-- labels with ASCII-only Punycode payloads are treated as equivalent to their decoded form
Description: symfony/polyfill-intl-idn provides a userland implementation of idn_to_utf8 and idn_to_ascii for runtimes that lack the intl extension. Its Idn::process method decodes labels prefixed with xn-- using Punycode but never enforces the validity criterion added in UTS 46 revision 33 Section 4...
CVE-2026-46644
insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...
CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence
More info at https://symfony.com/cve-2026-46644...
CVE-2026-9078 Firefox iOS RTL Domain Rendering Issue in Link Preview
Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...
CVE-2026-9078
Firefox for iOS suffers a rendering issue in link-preview UI where specially crafted RTL and internationalized domain names could cause the displayed domain to visually reorder, making attacker-controlled sites appear as trusted origins. The vulnerability affects the RTL/IDN rendering surface wit...
EUVD-2016-9470
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-6133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN...
Linux Distros Unpatched Vulnerability : CVE-2017-15390
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a...
Linux Distros Unpatched Vulnerability : CVE-2018-6175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN...
curl: IDN wildcard match may lead to Improper Certificate Validation
A flaw was found in the curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation...
K17742627: cURL and libcurl vulnerability CVE-2016-8625
Security Advisory Description: curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host (CVE-2016-8625). Impact: Incorrect translation of International Doma...
SUSE CVE-2016-8625
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host...
SUSE CVE-2018-6104
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name...
Mozilla Firefox has an unspecified vulnerability (CNVD-2021-99617)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. A security vulnerability exists in Mozilla Firefox that stems from allowing attackers to conduct user obfuscation or phishing attacks when resolving international domain names. No detailed vulnerability details...
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. A security vulnerability exists in Mozilla Firefox that stems from allowing attackers to conduct user obfuscation or phishing attacks when resolving international domain names. No detailed vulnerability details...
Vulnerability in the Address Book component of the Microsoft Outlook client that allows attackers to perform spoofing attacks
The vulnerability in the Address Book component of the Microsoft Outlook email client is related to insufficient validation of addresses in headers. Exploiting this vulnerability could allow remote attackers to carry out spam attacks using look-alike IDN domains...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1762)
The remote host is missing an update for the Huawei EulerOS [SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only]...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1233)
The remote host is missing an update for the Huawei EulerOS...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that Python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) bei...