9 matches found
CVE-2026-48794
CVE-2026-48794 affects Authelia (versions 4.36.0–4.39.19). A domain canonicalization edge case can cause an access control rule to be skipped when it should match a request, under very specific conditions involving forwarded authorization, multi-segment subdomains (e.g., a.b.example.com vs exampl...
CVE-2026-40280
Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression ^https?:// to match URL schemes. Because Go's net/url.Parse normalizes...
CVE-2026-40280
Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression ^https?:// to match URL schemes. Because Go's net/url.Parse normalizes...
PT-2026-37104
Name of the Vulnerable Software and Affected Versions Gotenberg versions 8.30.1 and earlier Description Gotenberg is an API-based document conversion tool. The default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression...
libsoup 安全漏洞
libsoup is a GNOME HTTP client/server library from the GNOME Project. A security vulnerability exists in libsoup that stems from bypassing cookie domain validation via capitalized characters...
CVE-2024-5699
In violation of spec, cookie prefixes such as Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...
PT-2023-24777 · Grav · Grav
Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.7.42 Description: The issue concerns a flat-file content management system where the denylist, introduced to prevent the execution of dangerous functions via malicious template injection, was insufficient. This allowe...
Open Networking Foundation ONOS 安全漏洞
Open Networking Foundation ONOS is an open source SDN controller from Open Networking Foundation open source. It is used to build next-generation SDN/NFV solutions. A security vulnerability exists in Open Networking Foundation ONOS version 2.5.1, which stems from an Intent with a capital letter i...
OIC Exponent CMS Privilege Bypass Vulnerability
OIC Exponent CMS is a free, open source modular content management system CMS based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. A privilege bypass...