12 matches found

EUVD
added 2026/05/08 12:31 a.m. | 25 views

EUVD-2026-28464

A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...

CVSS 7.9 | AI score 5.8 | EPSS 0.00363
Exploits 0 | References 6

AlmaLinux
added 2026/03/24 12:00 a.m. | 4 views

Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 6.3 | AI score 6.8 | EPSS 0.01437
Exploits 0 | References 4

Cvelist
added 2026/03/05 9:26 a.m. | 27 views

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

CVSS 3.7 | EPSS 0.00159
Exploits 0 | References 1

Tenable Nessus
added 2026/03/02 12:00 a.m. | 2 views

RHEL 8 : go-toolset:rhel8 (RHSA-2026:3471)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3471 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: archive/zi...

CVSS 8.6 | AI score 6.1 | EPSS 0.00789
Exploits 1 | References 8

ATTACKERKB
added 2025/04/16 5:15 p.m. | 2 views

CVE-2025-20236

A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient inpu...

CVSS 8.8 | AI score 6.1 | EPSS 0.00908
Exploits 0 | References 2 | Affected Software 1

OSV
added 2024/05/01 9:30 p.m. | 3 views

GHSA-R4Q9-XX5G-J24P s3-url-parser vulnerable to Denial of Service via regexes component

s3-url-parser 1.0.3 is vulnerable to denial of service via the regexes component...

CVSS 7.5 | AI score 7.1 | EPSS 0.00593
Exploits 0 | References 4

RedHat Linux
added 2022/09/26 3:37 p.m. | 3 views

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

CVSS 6.5 | AI score 7.3 | EPSS 0.00947
Exploits 0 | References 5

RedHat Linux
added 2022/09/26 3:20 p.m. | 2 views

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

CVSS 6.5 | AI score 7.3 | EPSS 0.00947
Exploits 0 | References 5

RedHat Linux
added 2022/09/26 2:54 p.m. | 3 views

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

CVSS 6.5 | AI score 7.3 | EPSS 0.00947
Exploits 0 | References 5

RedHat Linux
added 2022/09/26 2:54 p.m. | 1 view

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

CVSS 6.5 | AI score 7.3 | EPSS 0.00947
Exploits 0 | References 5

CNNVD
added 2022/09/20 12:00 a.m. | 2 views

Mozilla Firefox Resource Management Error Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a memory misreference vulnerability that stems from concurrent use of the URL parser for non-UTF-8 data not being thread-safe. An attacker could exploit the vulnerability t...

CVSS 6.5 | AI score 9 | EPSS 0.00947
Exploits 0 | References 16

Positive Technologies
added 2022/02/17 12:00 a.m. | 3 views

PT-2022-13320

Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.7. Description: The issue allows for authorization bypass through a user-controlled key. A specially crafted URL with an '@' sign but empty user info and no hostname, when parsed with url-parse, will return the...

CVSS 10 | AI score 7.1 | EPSS 0.03805
Exploits 7 | References 43