Lucene search
+L

731 matches found

OSV
OSV
added 5 days ago6 views

JLSEC-2026-696 Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A...

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS6.1AI score0.00124EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 5 days ago14 views

CVE-2026-46644

Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload is empty or decodes to ASCII-only code points because Idn::process does not enforce the UTS 46...

6.9CVSS6.1AI score0.00394EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-46644 symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence

Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload is empty or decodes to ASCII-only code points because Idn::process does not enforce the UTS 46...

6.9CVSS0.00394EPSS
Exploits0References3
CVE
CVE
added 5 days ago61 views

CVE-2026-46644

CVE-2026-46644 affects symfony/polyfill-intl-idn (1.17.1–1.38.1). The Idn::process() routine does not enforce UTS #46 rev 33 after Punycode decoding, allowing xn-- labels with empty or ASCII-only payloads to be treated as equal to their decoded form. This can enable blacklist bypass, inconsistent...

6.9CVSS6.1AI score0.00394EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/09 8:7 p.m.5 views

golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References8
SUSE Linux
SUSE Linux
added 2026/07/09 7:2 p.m.8 views

Security update for rustup

This update for rustup fixes the following issues Security issues: CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243862. CVE-2025-58160: tracing-subscriber: Tracing log pollution bsc1249008. CVE-2026-41676: openssl: Deriver:derive and...

8.7CVSS7.1AI score0.00359EPSS
Exploits1References44
SUSE Linux
SUSE Linux
added 2026/07/09 6:42 p.m.6 views

Security update for warewulf4

This update for warewulf4 fixes the following issues: Update to v4.7.0. Security issues fixed: CVE-2025-69725: incorrect input validation in the RedirectSlashes function can lead to an open redirect bsc1258511. CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given b...

9.1CVSS6.8AI score0.00781EPSS
Exploits0References20
OSV
OSV
added 2026/07/09 6:7 p.m.2 views

SUSE-SU-2026:2822-1 Security update for gnutls

This update for gnutls fixes the following issues - CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a large number of name constraints and SANs bsc1257960. - CVE-2026-3833: incorrectly accepted domain names due to comparison during...

9.8CVSS6.7AI score0.01335EPSS
Exploits2References25
RedHat Linux
RedHat Linux
added 2026/07/07 10:2 a.m.11 views

golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References8
OSV
OSV
added 2026/07/06 12:0 a.m.8 views

ALSA-2026:35830 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-39821 For more details about the security issue...

9.6CVSS6.6AI score0.00478EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.7 views

openSUSE 16 Security Update : dnsmasq (openSUSE-SU-2026:21192-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21192-1 advisory. This update for dnsmasq fixes the following issues Update to 2.93: - CVE-2026-12725: heap buffer overflow in logquery when logging unsupported...

7.5CVSS6.3AI score0.00754EPSS
Exploits1References7
CVE
CVE
added 2026/06/30 2:38 p.m.24 views

CVE-2026-27956

Affected product: Coolify (open-source self-hostable tool). Vulnerability: Cross-team domain enumeration via the endpoint GET /api/v1/servers/{server_uuid}/domains?uuid={app_uuid} allows any authenticated API user to enumerate FQDNs of applications belonging to other teams. Root cause (as stated)...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 8:17 p.m.11 views

CVE-2026-10592

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS0.00124EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 7:16 p.m.11 views

CVE-2026-46606

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen...

7.8CVSS0.00213EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:2 p.m.4 views

CVE-2026-46606 Glances: Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen...

7.8CVSS6.2AI score0.00213EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/22 9:14 p.m.16 views

Glances is Vulnerable to Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py

Summary The Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen. securepopen is explicitly designed to interpret &&, |, and as shell operators...

7.8CVSS6.6AI score0.00213EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/22 9:9 a.m.3 views

SUSE-SU-2026:22242-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers bsc1236533. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...

10CVSS7AI score0.91969EPSS
Exploits3References37
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-45409

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA...

6.9CVSS6.2AI score0.00408EPSS
Exploits0References4
NVD
NVD
added 2026/06/05 11:16 p.m.12 views

CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS0.00408EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 11:16 p.m.7 views

DEBIAN-CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

5.3CVSS6.3AI score0.00408EPSS
Exploits0References1
Rows per page
Query Builder