Lucene search
K

141 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-59882

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing...

4.2CVSS6.2AI score0.00186EPSS
Exploits0References3
CVE
CVE
added 2026/07/03 6:15 a.m.34 views

CVE-2026-8926

CVE-2026-8926 affects curl when using a .netrc file for credentials while the URL contains a username (no password). The vulnerability can cause curl to fetch and use the password of another user for the same host if a matching host exists in .netrc, leading to credential disclosure. The issue is...

9.1CVSS6AI score0.0061EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/06/23 4:13 p.m.42 views

CVE-2026-50019 yt-dlp: File Downloader cookie leak with curl

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

6.1CVSS0.00268EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/23 4:13 p.m.6 views

CVE-2026-50019

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

7.4CVSS5.8AI score0.00268EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/17 11:5 p.m.18 views

Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation

A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This...

7.3CVSS5.3AI score0.00632EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/15 8:11 p.m.8 views

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in the serverhostname parameter handling during HTTPS connection reuse. An attacker can bypass intended TLS SNI checks by reusing an existing connection with a different...

7.5CVSS5.3AI score0.00266EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 9:17 p.m.8 views

Security Bulletin: The Apache Log4J 2 package that is shipped with IBM ApplinX is vulnerable to multiple vulnerabilities (CVE-2026-34480, CVE-2026-34477, CVE-2026-34478, CVE-2026-34479).

Summary The Apache Log4J 2 package that is shipped with IBM ApplinX is vulnerable to an Improper Encoding or Escaping of Output vulnerability, an Improper Validation of Certificate with Host Mismatch vulnerability and an Improper Output Neutralization for Logs vulnerability CVE-2026-34480,...

7.5CVSS6.4AI score0.0086EPSS
Exploits1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/11 12:34 p.m.10 views

CVE-2026-48998 guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker can provide a malformed Host header containing U...

5.3CVSS5.4AI score0.00198EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/10 12:0 a.m.8 views

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch via missing hostname verification in the auto-configuration. An attacker can impersonate a trusted mail server and intercept or manipulate SMTP communications because hostname...

5CVSS5.3AI score0.00123EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 3:30 p.m.4 views

EUVD-2024-54938

Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows HTTP Response Splitting. This issue affects QR Menü: from s1.05.05 before v1.05.12...

7.3CVSS5.8AI score0.00141EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/28 7:54 a.m.14 views

CVE-2026-43869

A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This...

7.3CVSS5.7AI score0.00632EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/27 8:13 p.m.12 views

CVE-2026-44502

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...

4.3CVSS5.8AI score0.00286EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 5:16 p.m.27 views

CVE-2026-44502

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...

4.3CVSS0.00286EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Apache Log4j2

Improper validation of certificates with host mismatches in the Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack, thereby leaking any log messages sent through that appender. This issue has been fixed in Apache Log4j 2.12.3 and 2.13....

4.3CVSS6.6AI score0.08096EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/05 9:31 a.m.11 views

EUVD-2026-27237

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

5.8AI score0.00632EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 9:31 a.m.5 views

GHSA-7PWC-H2J2-RJGJ Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

7.3CVSS5.8AI score0.00632EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/05 9:31 a.m.8 views

Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

7.3CVSS5.8AI score0.00632EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/05/05 8:16 a.m.17 views

CVE-2026-43869

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

7.3CVSS0.00632EPSS
Exploits0References17
UbuntuCve
UbuntuCve
added 2026/05/05 8:16 a.m.5 views

CVE-2026-43869

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

7.3CVSS5.8AI score0.00632EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 8:16 a.m.4 views

UBUNTU-CVE-2026-43869

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

7.3CVSS5.8AI score0.00632EPSS
Exploits0References3
Rows per page
Query Builder