
10 matches found

RedhatCVE
added 2026/06/05 7:44 p.m., 7 views

CVE-2026-39821

A flaw was found in the idna package, specifically within the golang.org/x/net/idna component. This vulnerability allows for privilege escalation due to incorrect processing of Punycode-encoded labels. An attacker could craft a malicious Punycode label that, when initially checked, appears safe b...

CVSS 9.6, AI score 5.4, EPSS 0.00344
Exploits: 0, References: 7
NVD
added 2026/05/08 11:16 p.m., 14 views

CVE-2026-41682

pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SRRF port confusion due to port truncation via atoi cast in parseuri. This issue has been patched in version 1.18.5...

CVSS 6.9, EPSS 0.00346
Exploits: 0, References: 3
CNNVD
added 2025/10/01 12:00 a.m., 4 views

ts3-manager input validation error vulnerability

ts3-manager is a web interface for maintaining the Teamspeak3 server by Jonathan Personal Developer. An input validation error vulnerability exists in ts3-manager version 2.2.1 and earlier, which stems from Unicode tagged characters not being handled correctly during the ASCII conversion process,...

CVSS 7.5, AI score 6.4, EPSS 0.00448
Exploits: 1, References: 2
Tenable Nessus
added 2023/03/20 12:00 a.m., 39 views

CBL Mariner 2.0 Security Update: curl (CVE-2022-42916)

The version of curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-42916 advisory. - In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS...

CVSS 7.5, AI score 7.2, EPSS 0.01644
Exploits: 0, References: 2
RedHat Linux
added 2022/12/08 1:08 p.m., 9 views

curl: HSTS bypass via IDN

A vulnerability was found in curl. The issue occurs because curl's HSTS check can be bypassed to trick it to keep using HTTP. Using its HSTS support, it can instruct curl to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism...

CVSS 7.5, AI score 7.1, EPSS 0.01644
Exploits: 0, References: 5
OSV
added 2021/07/31 11:03 a.m., 3 views

OESA-2021-1291 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

CVSS 5.3, AI score 6.6, EPSS 0.23132
Exploits: 1, References: 2
Hacker One
added 2018/02/20 4:51 p.m., 59 views

Brave Software: Bypassing Homograph Attack Using /@ [ Tested On Windows ]

Summary: Bypassing Homograph Attack Using /@ I look at on my previous report on 268984 and see patch code in the github https://github.com/brave/browser-laptop/commit/f2e438d6158fbc62e2641458b6002a72d223c366 I look at code at it'returns the punycode URL when given a valid URL', function...

AI score 6.9
Exploits: 0
Exploit DB
added 2012/02/20 12:00 a.m., 31 views

Blade API Monitor - Unicode Bypass Serial Number Buffer Overflow

#!/usr/bin/python -w; Exploit: Blade API Monitor Unicode Bypass Serial Number BOF; Author: b33f Ruben Boonen - http://www.fuzzysecurity.com http://www.fuzzysecurity.com/exploits/8.html; OS: WinXP PRO SP3; Software:...

AI score 7
Exploits: 0
Prion
added 2007/08/21 12:17 a.m., 19 views

Stack overflow

Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service (application crash) via a request for a long .gif filename in the images/ directory, related to conversion from...

CVSS 5, AI score 7.5, EPSS 0.0384
Exploits: 0, References: 7, Affected Software: 1
myhack58
added 2007/03/30 12:00 a.m., 18 views

2007 the latest IE 0day net horse picture that - the vulnerability warning - the black bar safety net

Ghost boy Note: This something has recently fried very hot, the css calls the two pictures, but it is unclear principle. Reportedly originally sold to 8W, but now it seems like everywhere got. Just in xiaoguang there to see, turn around, and his this added a simple encryption. Source: XG'Blog How...

AI score 1
Exploits: 0