19 matches found
BIT-NODE-MIN-2026-48618
A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...
CVE-2026-48618
A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS Transport Layer Security hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security...
CVE-2026-48618
A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...
CVE-2026-48618
A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...
CVE-2026-48618
A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...
SUSE-SU-2026:2633-1 Security update for nodejs24
This update for nodejs24 fixes the following issues Update to 24.17.0: - CVE-2026-2581: undici: Undici: Denial of Service due to uncontrolled resource consumption bsc1268480. - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response...
Security Bulletin: Multiple Vulnerabilities in cryptography bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include the cryptography library, which is vulnerable to a critical buffer overflow and an improper certificate validation flaw. A classic buffer overflow vulnerability exists when non-contiguous...
Linux Distros Unpatched Vulnerability : CVE-2026-48618
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver an...
EUVD-2026-18206
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...
CVE-2026-3872
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...
CVE-2026-22216 wpDiscuz before 7.6.47 - No Rate Limiting on Subscription Endpoints with LIKE Wildcard Bypass
wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard...
CVE-2026-22216 wpDiscuz before 7.6.47 - No Rate Limiting on Subscription Endpoints with LIKE Wildcard Bypass
wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard...
Laravel 安全漏洞
Laravel is a web application framework from the Laravel community. A security vulnerability exists in Laravel versions prior to 11.44.1 and prior to 12.1.1 that stems from a wildcard validation bypass...
Google Chrome Content Security Policy Access Restriction Bypass Vulnerability (CNVD-2015-07972)
Google Chrome is a web browser developed by the American company Google Google. A security vulnerability exists in the 'CSPSource::hostMatches' function in the WebKit/Source/core/frame/csp/CSPSource.cpp file in the Content Security Policy CSP implementation of Google Chrome prior to 47.0.2526.73,...
UBUNTU-CVE-2015-6785
The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy CSP implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a .x.y pattern, which might allow remote attackers to bypass intended access restrictions...
[Knock] Subdomain Scanner
Knock is a python script, written by Gianni 'guelfoweb' Amato , designed to enumerate subdomains on a target domain through a wordlist. For more information I have posted a documentation page. If you want to see how it works, you can see this sample output: Simple Scan Zone Transfer Scan Wildcard...
Knock v1.5 - Subdomain Scanner , allows to bypass wildcard
Knock v1.5 - Subdomain Scanner , allows to bypass wildcard Knock is a python script, written by Gianni 'guelfoweb' Amato, designed to enumerate subdomains on a target domain through a wordlist. This program is self contained, doesn't need to be installed in any particular location. All it needs i...
Knock v1.5 - Subdomain Scanner , allows to bypass wildcard
Knock v1.5 - Subdomain Scanner , allows to bypass wildcard Knock is a python script, written by Gianni 'guelfoweb' Amato, designed to enumerate subdomains on a target domain through a wordlist. This program is self contained, doesn't need to be installed in any particular location. All it needs i...
CVE-2008-3424
Condor before 7.0.4 does not properly handle wildcards in the ALLOWWRITE, DENYWRITE, HOSTALLOWWRITE, or HOSTDENYWRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions...