54 matches found
BIT-DISCOURSE-2026-33393 Discourse fixes loose hostname matching in spam host allowlist
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the allowed_spam_host_domains check used String#end_with? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was allowlisted...
CLSA-2026-1773941493 Fix CVE(s): CVE-2025-66614
SECURITY UPDATE: Improper Input Validation vulnerability - debian/patches/CVE-2025-66614.patch: Add protocol host name and SNI host name matching with strictSNI attribute on the Connector. Covers NIO, NIO2, and APR connectors. - CVE-2025-66614...
CVE-2026-33393 Discourse fixes loose hostname matching in spam host allowlist
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowed_spam_host_domains check used String#end_with? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...
CVE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...
EUVD-2025-20335
Malicious code in bioql PyPI...
CVE-2025-42978
The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of remote TLS server. This might lead to the outbound...
SAP NetWeaver Application Server Java security vulnerability
SAP NetWeaver Application Server Java is an application server from SAP Germany that provides a Java runtime environment. The product is primarily used for developing and running Java EE applications. A security vulnerability exists in SAP NetWeaver Application Server Java that stems from...
CVE-2024-47619 transport: TLS host name wildcard matching too lax
syslog-ng is an enhanced log daemon. Prior to version 4.8.2, tls_wildcard_match matches on certificates such as foo..bar although that is not allowed. It is also possible to pass partial wildcards such as foo.ac.bar which glib matches but should be avoided / invalidated. This issue could have an...
AZL-79030 CVE-2025-22870 affecting package golang 1.25.7-1
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "[::1%25.example.com]:80" will incorrectly match and not be proxied...
AZL-58440 CVE-2025-22870 affecting package telegraf for versions less than 1.29.4-15
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "[::1%25.example.com]:80" will incorrectly match and not be proxied...
CVE-2025-22870
CVE-2025-22870 has concrete details across connected docs: it impacts multiple Go-related packages (notably golang) and related ecosystems via a proxy matching bug. The flaw arises when IPv6 zone IDs are misinterpreted as hostname components in NO_PROXY, causing requests to [::1%25.example.com] t...
[SECURITY] [DLA 3613-1] curl security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3613-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 11, 2023 https://wiki.debian.org/LTS -...
MGASA-2021-0491 Updated fossil packages fix security vulnerability
Client-side TLS now verifies that the server hostname matches its certificate (fixed in fossil 2.14.2). A data exfiltration bug in the server (fixed in fossil 2.14.1)...
SUSE-SU-2018:2719-1 Security update for openssh-openssl1
This update for openssh-openssl1 fixes the following issues: These security issues were fixed: - CVE-2016-10708: Prevent NULL pointer dereference via an out-of-sequence NEWKEYS message that allowed remote attackers to cause a denial of service (bsc#1076957). - CVE-2017-15906: The process_open function did...
DNS Rebinding Attacks
mitmproxy is vulnerable to DNS rebinding attacks. The vulnerability exists due to the lack of enforcement of hostname matching, allowing DNS rebinding attacks...
UBUNTU-CVE-2013-7449
The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Amazon Linux: Security Advisory (ALAS-2015-531)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Amazon Linux: Security Advisory (ALAS-2015-530)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Amazon Linux: Security Advisory (ALAS-2015-532)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...