7 matches found
EUVD-2026-21218
A 1-byte stack buffer over-read was identified in the MatchDomainName function in src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...
EUVD-2017-15462
Malware in sbrugna...
CVE-2024-12224 idna accepts Punycode labels that do not produce any non-ASCII when decoded
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname...
SUSE-SU-2023:0707-1 Security update for python39
This update for python39 fixes the following issues: - CVE-2023-24329: Fixed blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). Update to 3.9.16: - python -m http.server no longer allows terminal control characters sent within a...
Any Hostname <= 1.0.6 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated stored XSS issue, as high privilege users are able to set XSS payloads in it. PoC: As admin, put the following payload in the "Allowed host" setting of the plugin /wp-admin/options-general.phpany-hostname...
CVE-2020-13661
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser...
CVE-2014-2901
wolfssl before 3.2.0 does not properly issue certificates for a server's hostname...