10 matches found
CVE-2026-59882 guzzlehttp/psr7: Host Confusion via Weak URI Host Validation
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...
CVE-2026-12162
Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain...
Improper Validation of Certificate with Host Mismatch
Overview org.apache.directory.api:api-ldap-client-api is a LDAP Client API. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in the TLS server identity verification. An attacker can intercept and impersonate the server by presenting a...
CLSA-2026-1776070934 grafana: Fix of CVE-2026-25679
rebuild with golang 1.25.7-els2 which fixes the following CVEs - - CVE-2026-25679: fix insufficient validation of host/authority in net/url.Parse...
DEBIAN-CVE-2026-25679
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...
CVE-2026-25679
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...
Misskey 代码问题漏洞
Misskey is a perpetually free open source syndicated social media platform from Misskey Open Source. A code issue vulnerability exists in versions prior to Misskey 2024.11.0-alpha.3 that stems from not properly checking the target host and allows an attacker to send a POST or GET request to an...
keycloak: redirect_uri validation bypass
A flaw was found in the redirecturi validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users...
CVE-2018-6101
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server...
Design/Logic Flaw
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server...