Lucene search
K

10 matches found

Cvelist
Cvelist
added 6 hours ago5 views

CVE-2026-59882 guzzlehttp/psr7: Host Confusion via Weak URI Host Validation

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...

4.2CVSS
Exploits0References4
NVD
NVD
added 2026/06/16 1:16 a.m.7 views

CVE-2026-12162

Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain...

5.5CVSS0.00112EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/01 8:24 a.m.16 views

Improper Validation of Certificate with Host Mismatch

Overview org.apache.directory.api:api-ldap-client-api is a LDAP Client API. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in the TLS server identity verification. An attacker can intercept and impersonate the server by presenting a...

8.8CVSS5.5AI score0.00182EPSS
Exploits0References2
OSV
OSV
added 2026/04/13 9:2 a.m.17 views

CLSA-2026-1776070934 grafana: Fix of CVE-2026-25679

rebuild with golang 1.25.7-els2 which fixes the following CVEs - - CVE-2026-25679: fix insufficient validation of host/authority in net/url.Parse...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References1
OSV
OSV
added 2026/03/06 10:16 p.m.1 views

DEBIAN-CVE-2026-25679

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

7.5CVSS7.9AI score0.00728EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/06 9:28 p.m.13 views

CVE-2026-25679

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

5.8AI score0.00728EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2024/12/18 12:0 a.m.4 views

Misskey 代码问题漏洞

Misskey is a perpetually free open source syndicated social media platform from Misskey Open Source. A code issue vulnerability exists in versions prior to Misskey 2024.11.0-alpha.3 that stems from not properly checking the target host and allows an attacker to send a POST or GET request to an...

6.4CVSS7AI score0.00211EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/12/14 7:16 p.m.5 views

keycloak: redirect_uri validation bypass

A flaw was found in the redirecturi validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users...

7.1CVSS5.7AI score0.0095EPSS
Exploits0References4
OSV
OSV
added 2018/12/04 5:29 p.m.3 views

CVE-2018-6101

A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server...

7.5CVSS7.6AI score0.02658EPSS
Exploits0References6
Prion
Prion
added 2018/12/04 5:29 p.m.15 views

Design/Logic Flaw

A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server...

5.1CVSS7.7AI score0.02658EPSS
Exploits0References6Affected Software5
Rows per page
Query Builder