Lucene search
K

475 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: c-ares (UTSA-2026-017414)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017414 advisory. A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames...

6.8CVSS7.2AI score0.02617EPSS
Exploits1References4
OSV
OSV
added 2026/05/06 9:31 p.m.8 views

GHSA-W7RC-VVGX-PJ45 Duplicate Advisory: OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xq94-r468-qwgj. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allo...

6.3CVSS5.7AI score0.00199EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.34 views

Duplicate Advisory: OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xq94-r468-qwgj. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allo...

6.3CVSS5.7AI score0.00199EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/05/06 8:16 p.m.5 views

CVE-2026-43582

OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attackers can exploit inconsistent hostname resolution between validation and actual network requests to...

6.3CVSS0.00199EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/06 7:49 p.m.31 views

CVE-2026-43582 OpenClaw < 2026.4.10 - DNS Rebinding SSRF via Hostname Validation Bypass

OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attackers can exploit inconsistent hostname resolution between validation and actual network requests to...

6.3CVSS0.00199EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:49 p.m.7 views

CVE-2026-43582

OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attackers can exploit inconsistent hostname resolution between validation and actual network requests to...

6.3CVSS5.8AI score0.00199EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/06 7:49 p.m.9 views

CVE-2026-43582 OpenClaw < 2026.4.10 - DNS Rebinding SSRF via Hostname Validation Bypass

OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attackers can exploit inconsistent hostname resolution between validation and actual network requests to...

6.3CVSS5.8AI score0.00199EPSS
Exploits0References3
CVE
CVE
added 2026/05/06 7:49 p.m.19 views

CVE-2026-43582

OpenClaw prior to version 2026.4.10 is affected by a server-side request forgery in the browser navigation policy that lets an attacker bypass hostname validation via DNS rebinding. This enables exploitation where inconsistent hostname resolution between validation and actual network requests can...

6.3CVSS5.8AI score0.00199EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2026/05/06 7:15 p.m.17 views

PortSwigger Web Security: UI Consent Bypass via Comma Injection in `addAutoApproveTarget` — User-Approval Dialog and Persistence Layer Disagree on Target Scope, Yielding Authen

A vulnerability was discovered in Burp Suite MCP Server BApp v1.2.1 where the addAutoApproveTarget function failed to validate the hostnames passed to it. This allowed a malicious MCP client to inject a comma-separated hostname, which was then persisted as multiple independent allow-list entries...

5.4AI score
Exploits0
CVE
CVE
added 2026/05/06 9:55 a.m.34 views

CVE-2026-6860

CVE-2026-6860 describes a TLS SNI handling weakness where a TCP client can present an SNI that matches a server wildcard certificate (e.g., *.example.com) and be accepted by the server, allowing any XYZ.example.com under the wildcard to be used. The CVSS 4.0 vector yields a NETWORK, LOW complexit...

6.9CVSS5.8AI score0.00238EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.9 views

PT-2026-38237

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description A server-side request forgery issue exists in the browser navigation policy. This allows attackers to bypass hostname validation using DNS rebinding attacks, which involve exploiting inconsisten...

6.3CVSS5.8AI score0.00199EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.15 views

RHCOS 4 : OpenShift Container Platform 4.6.1 (RHSA-2020:4297)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4297 advisory. - jenkins-jira-plugin: plugin information disclosure CVE-2019-16541 - jenkins-2-plugins/mailer: Missing hostname validation in Maile...

9.9CVSS7.4AI score0.0473EPSS
Exploits0References20
Snyk
Snyk
added 2026/05/05 9:26 a.m.8 views

Improper Validation of Certificate with Host Mismatch

Overview org.apache.thrift:libthrift is a lightweight, language-independent software stack with an associated code generation mechanism for point-to-point RPC. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to improper validation of t...

7.3CVSS5.9AI score0.00632EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2026/05/05 12:0 a.m.16 views

openssh security update

8.7p1-49.0.1 - Upstream references found with /usr/bin/ssh Orabug: 37814929 - upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand Orabug: 37647064 - Update upstream references Orabug: 36564626 8.7p1-49 - CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in...

8.1CVSS6AI score0.00419EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

Apache Thrift 安全漏洞

Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained a security vulnerability, which was caused by improper validation of certificate-hostname mismatches...

7.3CVSS5.8AI score0.00632EPSS
Exploits0References1
OSV
OSV
added 2026/05/02 1:2 a.m.16 views

CLSA-2026-1777541147 squid34: Fix of 12 CVEs

CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERRSECURECONNECTFAIL page - CVE-2018-19132: fix memory...

9.8CVSS6.7AI score0.74477EPSS
Exploits2References1
Snyk
Snyk
added 2026/04/28 11:19 a.m.3 views

Improper Validation of Certificate with Host Mismatch

Overview org.apache.thrift:libthrift is a lightweight, language-independent software stack with an associated code generation mechanism for point-to-point RPC. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to insufficient verificatio...

8.2CVSS5.9AI score0.00593EPSS
Exploits0References2
OSV
OSV
added 2026/04/25 8:50 a.m.7 views

CLSA-2026-1776878817 squid: Fix of 13 CVEs

CVE-2018-1000027: fix NULL pointer dereference in clientFollowXForwardedForCheck for transactions without a client connection - CVE-2018-19131: fix XSS via X.509 certificate fields rendered unescaped in SSL error pages - CVE-2019-12520: prevent cache poisoning by suppressing URL userinfo from...

9.8CVSS6.8AI score0.74477EPSS
Exploits2References1
Snyk
Snyk
added 2026/04/17 9:58 p.m.5 views

DNS Rebinding

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to DNS Rebinding via improper hostname validation in the browser navigation policy. An attacker can access internal network resources or sensitive endpoints by exploiting DNS rebinding...

8.3CVSS5.7AI score0.00199EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 9:58 p.m.4 views

GHSA-XQ94-R468-QWGJ OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding

Summary Browser SSRF hostname validation could be bypassed by DNS rebinding. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Browser navigation policy could validate a hostname/IP resolution that differed from the address Chromium ultimate...

6.3CVSS5.7AI score0.00199EPSS
Exploits0References6
Rows per page
Query Builder