36 matches found
CVE-2026-3833
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName (DNS) or rfc822Name (email) constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...
PT-2026-29126
Name of the Vulnerable Software and Affected Versions: Botan versions prior to 3.11.0 Description: Botan is a C++ cryptography library. When processing X.509 certificate paths with DNS name constraints, a case-sensitive comparison of the Common Name (CN) allowed a certificate to bypass restrictions...
UBUNTU-CVE-2026-33248
NATS-Server is a high-performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verify_and_map to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...
CLEANSTART-2026-ML51665 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the stakater-reloader-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
MiracleLinux 9 : gnutls-3.8.3-6.el9_6.2 (AXSA:2025-10868:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10868:03 advisory. gnutls: Vulnerability in GnuTLS certtool template parsing CVE-2025-32990 gnutls: Vulnerability in GnuTLS SCT extension parsing CVE-2025-32989 gnutl...
EUVD-2007-4145
Malware in sbrugna...
CVE-2024-28277
In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subjectname= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to manipulate the subject's name, potentially leading to the execution of malicious JavaScript payloa...
PT-2024-22376 · Unknown · Sourcecodester School Task Manager
Name of the Vulnerable Software and Affected Versions: Sourcecodester School Task Manager version 1.0 Description: A vulnerability was identified within the subject name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This issue allows attackers to manipulate the subject's name,...
CVE-2023-42308
Cross Site Scripting (XSS) vulnerability in Manage Fastrack Subjects in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via the "Subject Name" and "Subject Code" Section...
CVE-2023-42307
Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via "Subject Name" and "Subject Code" section...
Advisory ROSA-SA-2024-2372
Software: openldap 2.4.46 OS: ROSA Virtualization 2.1 packageevrstring: openldap-2.4.46-10.el8.src.rpm CVE-ID: CVE-2020-15719 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: libldap in some third-party OpenLDAP packages has a certificate validation error when the third-party package asserts support for...
Exam Form Submission Cross-Site Scripting Vulnerability
Code-Projects Exam Form Submission is a Code-Projects open source exam form. A cross-site scripting vulnerability exists in Exam Form Submission version 1.0, which stems from a cross-site scripting vulnerability in Manage Fastrack Subjects that allows an attacker to execute arbitrary code via...
PT-2024-13037 · Unknown · Code-Projects Exam Form Submission
Name of the Vulnerable Software and Affected Versions: Code-Projects Exam Form Submission version 1.0 Description: The issue allows attackers to run arbitrary code via the Subject Name and Subject Code sections, potentially leading to unauthorized actions. This is a Cross Site Scripting (XSS) issue...
CVE-2023-33201
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject...
Bouncy Castle Trust Management Issue Vulnerability
Bouncy Castle is a collection of APIs used in cryptography organized by Bouncy Castle. It includes APIs for the Java and C programming languages. A security vulnerability exists in Bouncy Castle For Java versions prior to 1.74, which stems from an LDAP injection vulnerability due to a failure to...