Lucene search
K

19 matches found

OSV
OSV
added 2026/06/29 5:48 a.m.5 views

BIT-NODE-MIN-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS7.1AI score0.00674EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/26 10:18 p.m.8 views

CVE-2026-48618

A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS Transport Layer Security hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security...

7.7CVSS6.9AI score0.00674EPSS
Exploits0References4
NVD
NVD
added 2026/06/26 2:16 a.m.9 views

CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS0.00674EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 1:14 a.m.12 views

CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS6.7AI score0.00674EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/26 1:14 a.m.9 views

CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS6.7AI score0.00674EPSS
Exploits0
OSV
OSV
added 2026/06/25 1:34 p.m.2 views

SUSE-SU-2026:2633-1 Security update for nodejs24

This update for nodejs24 fixes the following issues Update to 24.17.0: - CVE-2026-2581: undici: Undici: Denial of Service due to uncontrolled resource consumption bsc1268480. - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response...

9.8CVSS6AI score0.02806EPSS
Exploits3References43
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 9:10 a.m.3 views

Security Bulletin: Multiple Vulnerabilities in cryptography bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include the cryptography library, which is vulnerable to a critical buffer overflow and an improper certificate validation flaw. A classic buffer overflow vulnerability exists when non-contiguous...

9.8CVSS6.6AI score0.00652EPSS
Exploits0Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-48618

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver an...

7.7CVSS7AI score0.00674EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/02 3:31 p.m.3 views

EUVD-2026-18206

A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...

7.3CVSS5.8AI score0.0044EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/02 12:37 p.m.28 views

CVE-2026-3872

A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...

7.3CVSS5.8AI score0.0044EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/13 1:18 a.m.30 views

CVE-2026-22216 wpDiscuz before 7.6.47 - No Rate Limiting on Subscription Endpoints with LIKE Wildcard Bypass

wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard...

6.9CVSS0.0032EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/13 1:18 a.m.3 views

CVE-2026-22216 wpDiscuz before 7.6.47 - No Rate Limiting on Subscription Endpoints with LIKE Wildcard Bypass

wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard...

6.9CVSS5.9AI score0.0032EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/03/05 12:0 a.m.8 views

Laravel 安全漏洞

Laravel is a web application framework from the Laravel community. A security vulnerability exists in Laravel versions prior to 11.44.1 and prior to 12.1.1 that stems from a wildcard validation bypass...

9.8CVSS6.4AI score0.00685EPSS
Exploits1References3
CNVD
CNVD
added 2015/12/08 12:0 a.m.6 views

Google Chrome Content Security Policy Access Restriction Bypass Vulnerability (CNVD-2015-07972)

Google Chrome is a web browser developed by the American company Google Google. A security vulnerability exists in the 'CSPSource::hostMatches' function in the WebKit/Source/core/frame/csp/CSPSource.cpp file in the Content Security Policy CSP implementation of Google Chrome prior to 47.0.2526.73,...

4.3CVSS9AI score0.01721EPSS
Exploits0References1
OSV
OSV
added 2015/12/05 12:0 a.m.3 views

UBUNTU-CVE-2015-6785

The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy CSP implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a .x.y pattern, which might allow remote attackers to bypass intended access restrictions...

4.3CVSS7.2AI score0.01721EPSS
Exploits0References4
Kitploit
Kitploit
added 2013/01/09 3:20 a.m.18 views

[Knock] Subdomain Scanner

Knock is a python script, written by Gianni 'guelfoweb' Amato , designed to enumerate subdomains on a target domain through a wordlist. For more information I have posted a documentation page. If you want to see how it works, you can see this sample output: Simple Scan Zone Transfer Scan Wildcard...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2011/08/24 5:25 p.m.3 views

Knock v1.5 - Subdomain Scanner , allows to bypass wildcard

Knock v1.5 - Subdomain Scanner , allows to bypass wildcard Knock is a python script, written by Gianni 'guelfoweb' Amato, designed to enumerate subdomains on a target domain through a wordlist. This program is self contained, doesn't need to be installed in any particular location. All it needs i...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2011/08/24 5:25 p.m.16 views

Knock v1.5 - Subdomain Scanner , allows to bypass wildcard

Knock v1.5 - Subdomain Scanner , allows to bypass wildcard Knock is a python script, written by Gianni 'guelfoweb' Amato, designed to enumerate subdomains on a target domain through a wordlist. This program is self contained, doesn't need to be installed in any particular location. All it needs i...

6.8AI score
Exploits0
Debian CVE
Debian CVE
added 2008/07/31 10:0 p.m.41 views

CVE-2008-3424

Condor before 7.0.4 does not properly handle wildcards in the ALLOWWRITE, DENYWRITE, HOSTALLOWWRITE, or HOSTDENYWRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions...

7.5CVSS6.5AI score0.02651EPSS
Exploits0
Rows per page
Query Builder