Lucene search
K

66 matches found

RedHat Linux
RedHat Linux
added 2 days ago5 views

Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

5.4CVSS6.3AI score0.00256EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2 days ago7 views

Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

5.4CVSS6.3AI score0.00256EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2 days ago11 views

Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

5.4CVSS6AI score0.00256EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2 days ago6 views

Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

5.4CVSS6.3AI score0.00256EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 5:48 a.m.4 views

BIT-NODE-MIN-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.7AI score0.00256EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 5:48 a.m.4 views

BIT-NODE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.1AI score0.00256EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/26 10:39 p.m.8 views

CVE-2026-48928

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

5.4CVSS5.7AI score0.00256EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 1:14 a.m.41 views

CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

4.2CVSS0.00256EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 1:14 a.m.8 views

EUVD-2026-39613

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.2AI score0.00256EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 1:14 a.m.9 views

CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

4.2CVSS6.2AI score0.00256EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/26 1:14 a.m.6 views

CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.6AI score0.00256EPSS
Exploits0
Hacker One
Hacker One
added 2026/04/07 8:41 p.m.8 views

Node.js: Uppercase sni context matching can lead to mtls authorization bypass due to case-sensitive hostname matching

Vulnerability description not provided...

5.4CVSS5.8AI score0.00256EPSS
Exploits0
OSV
OSV
added 2026/03/27 7:10 a.m.2 views

BIT-DISCOURSE-2026-33393 Discourse fixes loose hostname matching in spam host allowlist

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was allowlisted...

4.3CVSS5.9AI score0.00251EPSS
Exploits0References5
OSV
OSV
added 2026/03/20 9:59 a.m.5 views

CLSA-2026-1773941493 Fix CVE(s): CVE-2025-66614

SECURITY UPDATE: Improper Input Validation vulnerability - debian/patches/CVE-2025-66614.patch: Add protocol host name and SNI host name matching with strictSNI attribute on the Connector. Covers NIO, NIO2, and APR connectors. - CVE-2025-66614...

9.1CVSS6.8AI score0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/19 10:4 p.m.23 views

CVE-2026-33393 Discourse fixes loose hostname matching in spam host allowlist

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...

4.3CVSS0.00251EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/19 10:4 p.m.2 views

CVE-2026-33393 Discourse fixes loose hostname matching in spam host allowlist

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...

4.3CVSS5.8AI score0.00251EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/28 7:12 p.m.6 views

CVE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...

7.6CVSS5.9AI score0.003EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-20335

Malicious code in bioql PyPI...

3.5CVSS6.4AI score0.00119EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/10 1:30 a.m.5 views

CVE-2025-42978

The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of remote TLS server. This might lead to the outbound...

3.5CVSS7.6AI score0.00119EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/08 12:0 a.m.5 views

SAP NetWeaver Application Server Java 安全漏洞

SAP NetWeaver Application Server Java is an application server from SAP Germany that provides a Java runtime environment. The product is primarily used for developing and running Java EE applications. A security vulnerability exists in SAP NetWeaver Application Server Java that stems from...

3.5CVSS6.1AI score0.00119EPSS
Exploits0References3
Rows per page
Query Builder