102 matches found
UBUNTU-CVE-2026-46644
insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...
CVE-2026-46644
insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...
CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence
More info at https://symfony.com/cve-2026-46644...
CVE-2026-46644
insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...
CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence
More info at https://symfony.com/cve-2026-46644...
PT-2026-43392
Name of the Vulnerable Software and Affected Versions symfony/polyfill-intl-idn versions prior to 1.x Description The Idn::process function fails to enforce the validity criterion defined in UTS 46 revision 33 Section 4 step 4.1.2. Specifically, it does not verify that a label prefixed with xn--...
Improper Validation of Unsafe Equivalence in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the CXF-RS or CXF-SOAP endpoints due to missing inbound filtering via setInFilterStartsWith. An attacker can execute arbitrary code and write files by injecting Camel-internal header...
Improper Validation of Unsafe Equivalence in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the CXF-RS or CXF-SOAP endpoints due to missing inbound filtering via setInFilterStartsWith. An attacker can execute arbitrary code and write files by injecting Camel-internal header...
Astra Linux - уязвимость в tomcat9
Path Equivalence: The use of ‘file.Name’ an internal dot notation can lead to Remote Code Execution, information disclosure, or the addition of malicious content to uploaded files via the write-enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat versions from 11.0.0-M1...
EUVD-2026-16307
A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...
Keycloak: manage-clients permission escalates to full realm admin access
A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...
EUVD-2026-10599
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...
EUVD-2026-10598
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-23674
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-23674
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...
MapUrlToZone Security Feature Bypass Vulnerability
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...
PT-2026-24277
Уязвимость метода MapUrlToZone операционных систем Windows связана с неправильным разрешением эквивалентности пути. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти существующие механизмы безопасности...
CVE-2026-1094 Improper Validation of Unsafe Equivalence in Input in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...
SecIC3: Customizing IC3 for Hardware Security Verification
Recent years have seen significant advances in using formal verification to check hardware security properties. Of particular practical interest are checking confidentiality and integrity of secrets, by checking that there is no information flow between the secrets and observable outputs. A...
Path Equivalence
Overview rou3 is a Lightweight and fast router for JavaScript. Affected versions of this package are vulnerable to Path Equivalence due to insufficient preservation of empty segments. An attacker can bypass access restrictions and rate limits by sending requests with multiple slashes in the URL...