Lucene search
K

1154 matches found

Cvelist
Cvelist
added 2026/05/07 7:41 p.m.90 views

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

0.00588EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/07 12:12 a.m.15 views

Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)

Security Vulnerability Report: DNS Codec Input Validation Bypass in Netty Encoder + Decoder 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions with codec-dns | | Component | io.netty.handler.codec.dns.DnsCodecUtil | |...

9.1CVSS5.8AI score0.00818EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/05/07 12:12 a.m.19 views

Null Byte Interaction Error (Poison Null Byte)

Overview Affected versions of this package are vulnerable to Null Byte Interaction Error Poison Null Byte due to inadequate validation of domain name labels and lengths in the encodeDomainName and decodeDomainName components. An attacker can cause DNS cache poisoning, bypass domain validation, or...

9.1CVSS5.8AI score0.00818EPSS
Exploits1References2
OSV
OSV
added 2026/05/07 12:12 a.m.11 views

GHSA-CM33-6792-R9FM Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)

Security Vulnerability Report: DNS Codec Input Validation Bypass in Netty Encoder + Decoder 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions with codec-dns | | Component | io.netty.handler.codec.dns.DnsCodecUtil | |...

7.5CVSS5.8AI score0.00818EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-016519)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016519 advisory. In PHP version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, ifa password stored with passwordhash starts with a null byte \x00, testing a blank string ...

6.5CVSS6.4AI score0.0148EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/06 6:27 p.m.14 views

Nokogiri XSLT transform has a memory leak

Summary Nokogiri's Nokogiri::XSLT::Stylesheettransform leaks a small heap allocation when passed a Ruby string parameter containing a null byte. For applications that pass attacker-controlled input through XSLT.transform parameters, this may be a vector for a denial of service attack against...

5.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/06 6:27 p.m.4 views

GHSA-V2FC-QM4H-8HQV Nokogiri XSLT transform has a memory leak

Summary Nokogiri's Nokogiri::XSLT::Stylesheettransform leaks a small heap allocation when passed a Ruby string parameter containing a null byte. For applications that pass attacker-controlled input through XSLT.transform parameters, this may be a vector for a denial of service attack against...

5.3CVSS5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.16 views

PT-2026-38489

Summary Nokogiri's Nokogiri::XSLT::Stylesheettransform leaks a small heap allocation when passed a Ruby string parameter containing a null byte. For applications that pass attacker-controlled input through XSLT.transform parameters, this may be a vector for a denial of service attack against...

5.3CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/05 12:18 a.m.15 views

Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

Vulnerability Disclosure: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams Summary The encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00'...

3.7CVSS5.9AI score0.00217EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2026/05/05 12:18 a.m.10 views

NPM: Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

NPM: Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...

3.7CVSS5.8AI score0.00217EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/05/05 12:18 a.m.2 views

GHSA-XHJH-PMCV-23JW Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

Vulnerability Disclosure: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams Summary The encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00'...

3.7CVSS5.9AI score0.00217EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.19 views

PT-2026-38372

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.133.Final Netty versions prior to 4.2.13.Final Description Netty's DNS codec fails to enforce RFC 1035 domain name constraints during encoding and decoding, creating a bidirectional attack surface. In the encoder, t...

9.8CVSS5.8AI score0.00818EPSS
Exploits1References479
NVD
NVD
added 2026/05/04 7:16 a.m.19 views

CVE-2026-43861

mutt before 2.3.2 does not check for '\0' in urlpctdecode...

3.7CVSS0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/04 5:52 a.m.5 views

CVE-2026-43861

mutt before 2.3.2 does not check for '\0' in urlpctdecode...

3.7CVSS5.8AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/04 5:52 a.m.38 views

CVE-2026-43861

mutt before 2.3.2 does not check for '\0' in urlpctdecode...

3.7CVSS0.00162EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mutt before 2.3.2 does not check for '\0' in urlpctdecode. CVE-2026-43861 Note that Nessus relies on the presence of the package as reported by the vendor...

3.7CVSS6AI score0.00162EPSS
Exploits0References4
OSV
OSV
added 2026/05/02 1:8 a.m.7 views

CLSA-2026-1777541348 flatpak: Fix of CVE-2021-43860

CVE-2021-43860: hidden permissions via null byte in metadata file...

8.6CVSS7.3AI score0.01346EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/01 4:1 p.m.7 views

EUVD-2026-26665

An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened...

6.5CVSS5.8AI score0.00528EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/27 9:0 p.m.18 views

Missing Release of Memory after Effective Lifetime

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in the XSLT::Stylesheettransform function, when a string parameter containing a null byte is processed, preventing...

8.2CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/04/24 6:16 p.m.45 views

CVE-2026-42040

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00' correctly...

3.7CVSS0.00217EPSS
Exploits1References1
Rows per page
Query Builder