Lucene search
K

235 matches found

RedHat Linux
RedHat Linux
added 2026/04/13 2:29 a.m.3 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
Amazon
Amazon
added 2026/04/13 12:0 a.m.7 views

Medium: runc

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.00728EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.11 views

Important: nerdctl

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS6AI score0.01557EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/04/10 5:54 p.m.5 views

CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.8AI score0.00562EPSS
Exploits0References9
NVD
NVD
added 2026/04/10 5:17 p.m.5 views

CVE-2026-40160

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, webcrawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get with followredirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud metadata endpoints...

7.1CVSS0.00281EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/10 4:59 p.m.7 views

CVE-2026-40160

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, webcrawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get with followredirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud metadata endpoints...

7.1CVSS5.8AI score0.00281EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/09 9:55 a.m.7 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/08 11:31 a.m.2 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.8 views

PT-2026-29163

Name of the Vulnerable Software and Affected Versions HAPI FHIR versions prior to 6.9.4 Description The /loadIG API endpoint in the FHIR Validator HTTP service does not properly validate user-supplied URLs provided via a JSON body before making server-side HTTP requests. This allows an...

5.8CVSS6AI score0.00235EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/03/26 2:9 p.m.14 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
Amazon
Amazon
added 2026/03/19 12:0 a.m.19 views

Medium: golist

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.8AI score0.00728EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/18 5:47 p.m.24 views

CVE-2026-32632 Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...

5.9CVSS0.0016EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/18 5:47 p.m.10 views

CVE-2026-32632 Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...

5.9CVSS5.8AI score0.0016EPSS
Exploits1References3
OSV
OSV
added 2026/03/16 4:34 p.m.10 views

GHSA-HHCG-R27J-FHV9 Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding

Summary Glances recently added DNS rebinding protection for the MCP endpoint, but the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent host allowlist. As a result, the REST API, WebUI, and token endpoint remain...

5.9CVSS5.9AI score0.0016EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/16 4:34 p.m.8 views

Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding

Summary Glances recently added DNS rebinding protection for the MCP endpoint, but the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent host allowlist. As a result, the REST API, WebUI, and token endpoint remain...

5.9CVSS5.9AI score0.0016EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.10 views

Quill 代码问题漏洞

Quill is an open-source application developed by Quill. It provides an application editor function. Versions of Quill prior to 0.7.1 had code-related vulnerabilities. These vulnerabilities stemmed from the lack of validation of URL schemes and hosts when obtaining Apple, which could lead to...

5.3CVSS7.3AI score0.00097EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.7 views

PT-2026-24604

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/07 12:30 a.m.4 views

EUVD-2026-10084

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

5.8AI score0.00728EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/03/07 12:26 a.m.6 views

SUSE CVE-2026-25679

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

3.3CVSS5.8AI score0.00728EPSS
Exploits0References47
UbuntuCve
UbuntuCve
added 2026/03/06 10:16 p.m.5 views

CVE-2026-25679

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References6
Rows per page
Query Builder