Lucene search
K

34 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.13 views

EulerOS 2.0 SP13 : golang (EulerOS-SA-2026-2334)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.CVE-2026-25679 Actions which insert URLs into the...

9.8CVSS7.8AI score0.00728EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/02 10:1 p.m.35 views

CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

0.00904EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 9:39 p.m.11 views

GO-2026-5037 Inefficient candidate hostname parsing in crypto/x509

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

7.5CVSS5.9AI score0.00904EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 7:4 p.m.2 views

GHSA-HH8V-HGVP-G3F5 league/commonmark has an embed extension allowed_domains bypass

Impact The DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like youtube.com.evil passes the allowlist check when youtube.com is an allowed domain. This enabl...

6.3CVSS5.9AI score0.00241EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/19 7:4 p.m.10 views

league/commonmark has an embed extension allowed_domains bypass

Impact The DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like youtube.com.evil passes the allowlist check when youtube.com is an allowed domain. This enabl...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 10:42 p.m.8 views

Koa has Host Header Injection via ctx.hostname

Summary Koa's ctx.hostname API performs naive parsing of the HTTP Host header, extracting everything before the first colon without validating the input conforms to RFC 3986 hostname syntax. When a malformed Host header containing a @ symbol e.g., evil.com:[email protected] is received,...

8.2CVSS5.7AI score0.00334EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/26 10:42 p.m.4 views

GHSA-7GCC-R8M5-44QM Koa has Host Header Injection via ctx.hostname

Summary Koa's ctx.hostname API performs naive parsing of the HTTP Host header, extracting everything before the first colon without validating the input conforms to RFC 3986 hostname syntax. When a malformed Host header containing a @ symbol e.g., evil.com:[email protected] is received,...

7.5CVSS5.9AI score0.00334EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/26 2:32 p.m.6 views

CVE-2026-27959

A flaw was found in Koa’s ctx.hostname API used in Node.js applications. The function incorrectly parses specially crafted HTTP Host headers containing an @ character, which can cause the extracted hostname value to differ from the intended origin. An attacker can exploit this behavior by sending...

8.2CVSS5.6AI score0.00334EPSS
Exploits1References6
CVE
CVE
added 2026/02/26 1:45 a.m.87 views

CVE-2026-27959

Koa (Node.js) prior to versions 3.1.2 and 2.16.4 exposes a vulnerability in ctx.hostname: it naively parses the Host header and returns an attacker-controlled value when the header contains an invalid RFC 3986 hostname (e.g., with a @). This can affect URL generation, password reset links, email ...

8.2CVSS5.4AI score0.00334EPSS
Exploits1References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.5 views

PT-2026-22104

Name of the Vulnerable Software and Affected Versions Koa versions prior to 3.1.2 Koa versions prior to 2.16.4 Description Koa middleware for Node.js, using ES2017 async functions, has an issue where the ctx.hostname API improperly parses the HTTP Host header. The parsing does not validate input...

8.2CVSS5.9AI score0.00334EPSS
Exploits1References20
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.3 views

PT-2026-26486

Name of the Vulnerable Software and Affected Versions league/commonmark versions 2.3.0 through 2.8.1 Description The DomainFilteringAdapter within the Embed extension is susceptible to an allowlist bypass because of a missing hostname boundary assertion in the domain-matching regular expression. ...

6.3CVSS5.9AI score0.00241EPSS
Exploits0References8
SUSE Linux
SUSE Linux
added 2025/12/16 11:35 a.m.5 views

Security update for librsvg

This update for librsvg fixes the following issues: Update to version 2.52.12. CVE-2024-12224: idna: incorrect hostname comparisons and URL parsing may be performed due to acceptance of Punycode labels that do not produce any non-ASCII output when decoded bsc1243867. CVE-2024-43806: rustix:...

6.5CVSS7AI score0.0048EPSS
Exploits1References8
OSV
OSV
added 2025/12/16 11:35 a.m.5 views

SUSE-SU-2025:4411-1 Security update for librsvg

This update for librsvg fixes the following issues: Update to version 2.52.12. - CVE-2024-12224: idna: incorrect hostname comparisons and URL parsing may be performed due to acceptance of Punycode labels that do not produce any non-ASCII output when decoded bsc1243867. - CVE-2024-43806: rustix:...

8.8CVSS5.8AI score0.0048EPSS
Exploits1References5
SUSE Linux
SUSE Linux
added 2025/10/24 1:28 p.m.4 views

Security update for afterburn

This update for afterburn fixes the following issues: Update to version 5.9.0.git21.a73f509. Security issues fixed: CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large repetitions on empty sub-expressions can lead to excessive resource...

8.4CVSS6.8AI score0.1446EPSS
Exploits2References20
OSV
OSV
added 2025/10/24 1:28 p.m.5 views

SUSE-SU-2025:3785-1 Security update for afterburn

This update for afterburn fixes the following issues: Update to version 5.9.0.git21.a73f509. Security issues fixed: - CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large repetitions on empty sub-expressions can lead to excessive resource...

8.8CVSS6.8AI score0.1446EPSS
Exploits2References11
SUSE Linux
SUSE Linux
added 2025/10/01 1:10 p.m.6 views

Security update for snpguest

This update for snpguest fixes the following issues: CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect hostname comparisons and incorrect URL parsing bsc1243869. CVE-2025-3416: openssl: use-after-free in Md::fetch and Cipher::fetch...

6.3CVSS7AI score0.00452EPSS
Exploits1References8
OSV
OSV
added 2025/10/01 1:9 p.m.3 views

SUSE-SU-2025:03445-1 Security update for snpguest

This update for snpguest fixes the following issues: - CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect hostname comparisons and incorrect URL parsing bsc1243869. - CVE-2025-3416: openssl: use-after-free in Md::fetch and...

8.8CVSS5.8AI score0.00452EPSS
Exploits1References5
OSV
OSV
added 2024/03/04 2:27 p.m.6 views

CLSA-2024-1709562468 Fix CVE(s): CVE-2023-6004, CVE-2023-6918

SECURITY UPDATE: ProxyCommand/ProxyJump features allow injection of malicious code through hostname - debian/patches/CVE-2023-6004-pre1.patch: move common parser functions to configparser.c - debian/patches/CVE-2023-6004-pre2.patch: prevent possible segmentation fault -...

5.3CVSS6.8AI score0.01421EPSS
Exploits0References1
OSV
OSV
added 2024/01/12 11:6 a.m.4 views

OESA-2024-1041 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

5.3CVSS7.4AI score0.01421EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/05/02 12:0 a.m.5 views

PT-2023-13797 · Modem · Modem

Name of the Vulnerable Software and Affected Versions: Modem affected versions not specified Description: The issue is related to information disclosure due to a buffer over-read in the Modem while parsing DNS hostname. Recommendations: At the moment, there is no information about a newer version...

8.2CVSS7AI score0.00354EPSS
Exploits0References3
Rows per page
Query Builder