47 matches found
CVE-2026-0087
In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
EUVD-2026-33799
In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2026-0087
In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2026-0087
In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
PT-2026-45593
In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
EUVD-2021-26110
Malware in sbrugna...
EUVD-2001-1545
Malware in sbrugna...
EUVD-2009-3738
Malware in sbrugna...
EUVD-2022-0169
Malicious code in bioql PyPI...
CVE-2021-39753
In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
OESA-2024-2420 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
Medium: python
Issue Overview: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which...
CVE-2024-45522
CVE-2024-45522 affects Linen ( Linen.dev ) with an improper domain validation in the forgot-password flow. The issue occurs in the endpoint at apps/web/pages/api/forgot-password/index.ts, where the domain is not verified against linen.dev or www.linen.dev during password resets, potentially enabl...
CVE-2024-45522
Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts...
Medium: curl
Issue Overview: This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this b...
EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2024-1524)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is...
python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...
AlmaLinux 9 : python3.9 (ALSA-2024:0466)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0466 advisory. - The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is...
python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...
python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...