Lucene search
K

22 matches found

AlpineLinux
AlpineLinux
added 2026/06/23 7:13 p.m.7 views

CVE-2026-53622

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...

10CVSS5.8AI score0.0024EPSS
Exploits1References5
OSV
OSV
added 2026/06/19 6:19 p.m.3 views

CVE-2026-49336 @microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter

@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...

6.9CVSS6AI score0.0065EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 6:19 p.m.22 views

CVE-2026-49336 @microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter

@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...

6.9CVSS0.0065EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50475

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description When NC SECURE ATTACHMENTS is set to true, an authenticated uploader can upload .html or .svg attachments that the browser renders inline from the NocoDB origin instead of forcing a download. This...

5.1CVSS5.7AI score0.00288EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.14 views

CVE-2026-45297

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 4:50 p.m.14 views

CVE-2026-45297 Cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/20 5:1 p.m.13 views

crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application

A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...

8.8CVSS7.2AI score0.0034EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/20 4:56 p.m.11 views

crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application

A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...

8.8CVSS7.2AI score0.0034EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/19 4:12 p.m.22 views

crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application

A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...

8.8CVSS7.2AI score0.0034EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/30 4:3 p.m.6 views

CVE-2026-40453

A flaw was found in Apache Camel. A remote attacker with Java Message Service JMS producer access could exploit a vulnerability in how certain header filter strategies process case-variant internal headers. This discrepancy, where filtering is case-sensitive but header processing is not, allows f...

9.9CVSS6.6AI score0.0086EPSS
Exploits1References4
OSV
OSV
added 2026/04/15 12:45 a.m.10 views

CLEANSTART-2026-FB07695 When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint

Multiple security vulnerabilities affect the velero-fips package. When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. See references for individual vulnerability...

9.8CVSS6.8AI score0.00765EPSS
Exploits6References42
OSV
OSV
added 2026/04/15 12:44 a.m.16 views

CLEANSTART-2026-QO20135 When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint

Multiple security vulnerabilities affect the minio-operator-fips package. When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. See references for individual...

9.8CVSS7.2AI score0.00765EPSS
Exploits2References30
RedhatCVE
RedhatCVE
added 2026/04/13 11:33 a.m.5 views

CVE-2026-33810

A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...

8.8CVSS5.8AI score0.0034EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/04/08 2:16 a.m.5 views

CVE-2026-33810

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

8.2CVSS5.9AI score0.0034EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/08 1:6 a.m.2 views

CVE-2026-33810

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

8.8CVSS7.1AI score0.0034EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2023/05/30 2:22 a.m.4 views

SUSE CVE-2023-32762

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the cas...

5.3CVSS8.6AI score0.00875EPSS
Exploits0References8
Snyk
Snyk
added 2023/05/29 7:21 a.m.1 views

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information. Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if...

5.3CVSS6.9AI score0.00875EPSS
Exploits0References2
OSV
OSV
added 2023/05/28 11:15 p.m.6 views

AZL-26944 CVE-2023-32762 affecting package qt5-qtbase for versions less than 5.12.11-8

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the cas...

5.3CVSS6AI score0.00875EPSS
Exploits0References1
OSV
OSV
added 2023/05/28 11:15 p.m.3 views

DEBIAN-CVE-2023-32762

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the cas...

5.3CVSS5.5AI score0.00875EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:54 a.m.7 views

SUSE CVE-2011-0449

actionpack/lib/actionview/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action...

7.5CVSS7AI score0.02498EPSS
Exploits1References4
Rows per page
Query Builder