168015 matches found
MINI-V5P6-8CVC-MW9J
Bulletin has no description...
MINI-QH36-8746-66CV
Bulletin has no description...
CVE-2026-9697
A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier URI, it silently ignores Transport Layer Security TLS options, such as custom Certificate Authorities CAs. This allows a remote attacker to perform a Man-in-the-Middle MITM attack,...
MINI-J5Q3-8PHF-XV6C
Bulletin has no description...
MINI-JW9W-W8HF-H3CX
Bulletin has no description...
MINI-JMM2-QCQV-89V4
Bulletin has no description...
MINI-PGQ9-P4V3-CQ67
Bulletin has no description...
MINI-6V8X-7G9M-69H3
Bulletin has no description...
MINI-GRG9-MFF3-WWQ3
Bulletin has no description...
CVE-2026-48979
PHP Standard Library PSL is set of APIs covering async, collections, networking, I/O, cryptography, terminal UI, etc. In versions 6.1.0, 6.1.1 and 6.2.0, the Psl\H2\ServerConnection does not validate that the total bytes received in DATA frames match the content-length header declared in the...
MINI-J548-8JWF-465H
Bulletin has no description...
CVE-2026-48990 joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.maxpayloadlength, which can lead to resource exhaustion...
CGA-73QJ-WQCV-39RP
Bulletin has no description...
GHSA-52MM-H59V-F3C7 earmark: Stored XSS via unescaped HTML attribute values
Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':makeatt1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes: ...
CGA-WF82-9WRV-GJCG
Bulletin has no description...
DEBIAN-CVE-2026-9697
Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...
DEBIAN-CVE-2026-9678
Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...
DEBIAN-CVE-2026-9679
Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...
DEBIAN-CVE-2026-6734
Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...
DEBIAN-CVE-2026-11525
Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example,...