406 matches found
PT-2026-31793
Name of the Vulnerable Software and Affected Versions WolfSSL affected versions not specified Description WolfSSL improperly handles URI name constraints from constrained intermediate Certificate Authorities CAs during certificate chain verification. The parsing of these constraints occurs, but...
CVE-2026-35611
A flaw was found in Addressable. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing a maliciously crafted Uniform Resource Identifier URI to the URI template implementation. Specifically, certain URI templates using the explode modifier or multiple variables...
EUVD-2026-19788
Addressable has a Regular Expression Denial of Service in Addressable templates...
Linux Distros Unpatched Vulnerability : CVE-2026-35611
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI...
Regular Expression Denial of Service (ReDoS)
Overview addressable is an is an alternative implementation to the URI implementation that is part of Ruby's standard library. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the URI template matching due to the use of regular expressions with...
ROS-20260407-73-0033
A vulnerability in the kernel/trace/ftrace.c component of the Linux kernel is related to the use of resources with a similar identifier. Exploitation of the vulnerability allows an attacker to cause a denial of service...
USN-8151-1: lambdaisland/uri vulnerability
It was discovered that lambdaisland/uri did not properly sanitize the backslash character in URI strings. An attacker could possibly use this issue to bypass security checks or redirect users...
CVE-2026-34229
Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...
CVE-2026-34229 Emlog: Stored XSS in Comment Module via URI Scheme Validation Bypass
Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...
PT-2026-30264
Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...
USN-8137-1: Ruby vulnerability
It was discovered that the Ruby URI gem did not properly handle sensitive information when combining URIs. A remote attacker could possibly use this issue to leak authentication credentials...
CVE-2026-5031 BichitroGan ISP Billing Software Endpoint users-view resource injection
A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...
PT-2026-28743
Name of the Vulnerable Software and Affected Versions BichitroGan ISP Billing Software version 2025.3.20 Description A flaw exists in BichitroGan ISP Billing Software that allows for improper control of resource identifiers. The issue is located within an unknown function of the file ‘/?...
Loofah has improper detection of disallowed URIs via `allowed_uri?`
Summary Loofah::HTML5::Scrub.alloweduri? does not correctly reject javascript: URIs when the scheme is split by HTML entity-encoded control characters such as carriage return, line feed, or tab. Details The alloweduri? method strips literal control characters before decoding HTML entities. Payloa...
CVE-2026-33635 iCalendar has ICS injection via unsanitized URI property values
iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...
CVE-2026-33635
iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...
CVE-2026-33635
iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...
EUVD-2026-16291
srvx is vulnerable to middleware bypass via absolute URI in request line...
iCalendar 注入漏洞
iCalendar is an open-source Ruby library for processing iCalendar format files. Versions 2.0.0 to 2.12.2 of iCalendar contain a vulnerability due to improper cleanup of URI attribute values during .ics serialization, which may lead to ICS injection attacks...
Vikunja 安全漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 0.21.0 to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the Vikunja Desktop Electron wrapper, which directly passed the URL from the window.open call to...