Lucene search
K

6 matches found

EUVD
EUVD
added 2026/05/08 10:47 p.m.13 views

EUVD-2026-28846

pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SRRF port confusion due to port truncation via atoi cast in parseuri. This issue has been patched in version 1.18.5...

6.9CVSS5.7AI score0.00346EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/03/26 1:53 p.m.8 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2024/11/23 3:4 a.m.5 views

Astra Linux – Vulnerability in Python 3.11

The email module in Python, as of version 3.11.3, incorrectly parses email addresses that contain special characters. The incorrect portion of the RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism by allowing access to...

5.3CVSS6.7AI score0.02527EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/07/16 12:0 a.m.14 views

Medialize URI.js 输入验证错误漏洞

Medialize URI.js is a Javascript-based code library from the Medialize team that can be used to efficiently stitch URLs. Medialize URI.js is vulnerable to an input validation error that results from a new URI that fails to properly parse https:///, which leads to the system user being directed to...

6.1CVSS5.6AI score0.0091EPSS
Exploits1References5
OSV
OSV
added 2016/11/02 12:0 a.m.7 views

UBUNTU-CVE-2016-8624

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC t...

7.5CVSS6.8AI score0.05915EPSS
Exploits0References4
NVD
NVD
added 2008/11/04 12:58 a.m.28 views

CVE-2008-4907

The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service persistent crash via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsi...

4.3CVSS7.4AI score0.06203EPSS
Exploits0References8
Rows per page
Query Builder