303 matches found
golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...
ALSA-2026:35830 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-39821 For more details about the security issue...
SUSE CVE-2026-13676
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...
CVE-2026-13676
A flaw was found in fast-uri. This vulnerability occurs because fast-uri fails to properly convert Unicode Internationalized Domain Name - IDN hostnames for HTTP-family URLs. This can lead to a situation where security policies, such as denylists or redirect validations, are bypassed when...
CVE-2026-13676
The CVE concerns the fast-uri library (versions 2.3.1–3.1.2 and 4.0.0) where the IDN host canonicalization path fails to normalize Unicode hosts for HTTP URLs. A helper used in IDN conversion does not exist on the global URL constructor, leaving the host in Unicode form while normalize() and equa...
SUSE-SU-2026:22242-1 Security update for google-osconfig-agent
This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers bsc1236533. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name...
Important: docker
Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...
Linux Distros Unpatched Vulnerability : CVE-2026-45409
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA...
CVE-2026-45409
Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...
PYSEC-2026-215
Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...
DEBIAN-CVE-2026-45409
Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...
UBUNTU-CVE-2026-45409
Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...
CVE-2026-45409
CVE-2026-45409 affects Python’s IDNA handling (idna.encode) in Python-idna. A specially crafted input could cause heavy resource consumption and potential DoS. The issue mirrors CVE-2024-3651; fixes were extended in 3.14–3.15 to reject long inputs earlier and more broadly (per-label conversions a...
CVE-2026-45409 Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...
CVE-2026-45409 Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...
Internationalized Domain Names in Applications 安全漏洞
Internationalized Domain Names in Applications is a tool for encoding and decoding internationalized domain names, developed by Kim Davies as a personal project. Versions of Internationalized Domain Names in Applications prior to version 3.15 contained a security vulnerability. This vulnerability...
PT-2026-43392
Name of the Vulnerable Software and Affected Versions symfony/polyfill-intl-idn versions prior to 1.x Description The Idn::process function fails to enforce the validity criterion defined in UTS 46 revision 33 Section 4 step 4.1.2. Specifically, it does not verify that a label prefixed with xn--...
CVE-2026-9078
Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...
CVE-2026-9078
Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...