34267 matches found
CVE-2026-47737
CVE-2026-47737 affects the Puma Ruby/Rack web server. From 5.5.0 up to 7.2.1 and 8.0.2, it is vulnerable to source IP spoofing when set_remote_address proxy_protocol: :v1 is enabled and persistent connections are used. Puma re-parses PROXY protocol headers after each keep-alive on the same connec...
CVE-2026-50659
Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network...
CVE-2026-48760
Symfony HtmlSanitizer/UrlSanitizer::parse() had an underinclusive denial for BiDi formatting characters and Unicode whitespace, allowing percent-encoded BiDi marks to bypass the check. The issue affects UrlSanitizer::parse() behavior from Symfony 6.1.0 up to 6.4.41, 7.4.13, and 8.0.13, where raw ...
CVE-2026-45064
Symfony’s HtmlSanitizer UrlSanitizer.parse() is vulnerable in 6.1.0-BETA1 through 6.4.40, 7.4.12, and 8.0.12, because Unicode BiDi formatting characters pass through into href/src attributes, enabling visual spoofing where the link text differs from the destination. The issue is fixed in 6.4.40, ...
CVE-2026-45063
Symfony X509Authenticator vulnerability (CVE-2026-45063) allows identity spoofing because an unanchored regex extracts emailAddress from the certificate Subject DN, enabling a trusted certificate with emailAddress embedded in another RDN (e.g., CN) to authenticate as another user. Impact is high ...
CVE-2026-56181
Origin validation error in Windows Network Address Translation NAT allows an unauthorized attacker to perform spoofing over an adjacent network...
CVE-2026-56157
Improper access control in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-55135
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-55126
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-55126 Microsoft SharePoint Server Spoofing Vulnerability
...
CVE-2026-55034
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-55030
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-55020
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-55021
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-55019
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-55016
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-50684
Improper neutralization of input during web page generation 'cross-site scripting' in Active Directory Federation Services AD FS allows an authorized attacker to perform spoofing over a network...
CVE-2026-55008 Microsoft Exchange Server Spoofing Vulnerability
...
Description of the security update for SharePoint Server 2016: June 9, 2026 (KB5002880)
None None...
Description of the security update for SharePoint Server Subscription Edition: June 9, 2026 (KB5002873)
None None...