3 matches found
EUVD-2026-41427
Dapr Sentry's OIDC discovery endpoint derives the issuer and jwksuri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured the default, and serves the document wi...
CVE-2026-59096
Dapr Sentry's OIDC discovery endpoint derives the issuer and jwksuri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured the default, and serves the document wi...
Eclipse Attacks on Ethereum'S Peer-To-Peer Network
Eclipse attacks isolate blockchain nodes by monopolizing their peer-to-peer connections. The attacks were extensively studied in Bitcoin SP'15, SP'20, CCS'21, SP'23 and Monero NDSS'25, but their practicality against Ethereum nodes remains underexplored, particularly in the post-Merge settings. We...