Lucene search
+L

633 matches found

mscve
mscve
added 2026/03/22 8:1 a.m.8 views

gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames

...

5.9CVSS5.8AI score0.00205EPSS
Exploits1
attackerkb
attackerkb
added 2026/03/20 7:59 p.m.13 views

CVE-2026-4438

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification...

5.8AI score0.00205EPSS
Exploits1References2Affected Software1
cnnvd
cnnvd
added 2026/03/20 12:0 a.m.10 views

GNU C Library 安全漏洞

The GNU C Library is an open-source, free C programming language library published by the GNU community under the LGPL license. Versions of the GNU C Library 2.34 to 2.43 contain security vulnerabilities. These vulnerabilities arise from the gethostbyaddr or gethostbyaddrr functions potentially...

5.4CVSS5.8AI score0.00205EPSS
Exploits1References2
snyk
snyk
added 2026/03/17 8:52 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the URL validation logic due to improper handling of underscores in hostnames. An attacker can access internal resources or sensitive endpoints by submitting specially crafted URLs containing...

9.1CVSS5.9AI score0.00246EPSS
Exploits0References2
snyk
snyk
added 2026/03/17 8:52 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the URL validation logic due to improper handling of underscores in hostnames. An attacker can access internal resources or sensitive endpoints by submitting specially crafted URLs containing...

9.1CVSS5.9AI score0.00246EPSS
Exploits0References2
cve
cve
added 2026/03/17 5:27 p.m.32 views

CVE-2026-25534

CVE-2026-25534 affects Spinnaker clouddriver and Orca URL validation, where underscores in hostnames were not properly handled by Java URL parsing, bypassing prior URL validation checks. Public sources (NVD/Red Hat/Snyk/OSV) confirm the impact and note that patches have been merged to be released...

9.1CVSS5.7AI score0.00246EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/03/17 5:27 p.m.8 views

CVE-2026-25534 Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames

Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...

9.1CVSS5.7AI score0.00246EPSS
Exploits0References3
cvelist
cvelist
added 2026/03/17 5:27 p.m.31 views

CVE-2026-25534 Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames

Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...

9.1CVSS0.00246EPSS
Exploits0References3
osv
osv
added 2026/03/17 5:27 p.m.6 views

CVE-2026-25534 Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames

Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...

9.1CVSS5.8AI score0.00246EPSS
Exploits0References5
cve
cve
added 2026/03/17 9:44 a.m.104 views

CVE-2026-3632

CVE-2026-3632 affects the libsoup library used to send network requests. The root cause is improper hostname validation which allows special characters to be injected into HTTP headers, enabling HTTP smuggling and, in some cases, Server-Side Request Forgery (SSRF) . The incident is contextualized...

5.5CVSS5.8AI score0.00207EPSS
Exploits1References3Affected Software2
vulnrichment
vulnrichment
added 2026/03/17 9:44 a.m.3 views

CVE-2026-3632 Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnames

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where...

3.9CVSS5.8AI score0.00207EPSS
Exploits1References3
github
github
added 2026/03/16 3:15 p.m.12 views

Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames

Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...

9.1CVSS5.7AI score0.00246EPSS
Exploits0References5Affected Software2
osv
osv
added 2026/03/16 3:15 p.m.4 views

GHSA-8R8J-GFHG-FW38 Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames

Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...

9.1CVSS5.7AI score0.00246EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/03/11 1:19 p.m.7 views

CVE-2026-21791

HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL...

3.3CVSS5.8AI score0.00131EPSS
Exploits0References1
nvd
nvd
added 2026/03/10 9:16 p.m.5 views

CVE-2026-30953

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL LinkRepository::create calls HtmlMeta::getFromUrl. The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...

7.7CVSS0.00218EPSS
Exploits0References1
euvd
euvd
added 2026/03/10 8:38 p.m.4 views

EUVD-2026-10874

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL LinkRepository::create calls HtmlMeta::getFromUrl. The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...

7.7CVSS5.8AI score0.00218EPSS
Exploits0References1
cve
cve
added 2026/03/10 8:38 p.m.17 views

CVE-2026-30953

LinkAce is affected by CVE-2026-30953 due to missing validation for NoPrivateIpRule during link creation. The server fetches HTML metadata from user-provided URLs in LinkRepository::create() via HtmlMeta::getFromUrl(), and the NoPrivateIpRule is only applied in FetchController.php, not in the pri...

7.7CVSS5.8AI score0.00218EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2026/03/10 6:31 p.m.8 views

EUVD-2026-10488

HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL...

3.3CVSS5.8AI score0.00131EPSS
Exploits0References2
euvd
euvd
added 2026/03/10 6:31 p.m.5 views

EUVD-2026-10489

HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL...

3.3CVSS5.8AI score0.00131EPSS
Exploits0References2
nvd
nvd
added 2026/03/10 6:18 p.m.7 views

CVE-2026-21791

HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL...

3.3CVSS0.00131EPSS
Exploits0References1
Rows per page
Query Builder