Lucene search
K

632 matches found

OSV
OSV
added 2026/06/29 5:48 a.m.5 views

BIT-NODE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS7.1AI score0.00405EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/29 5:8 a.m.7 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.6AI score0.00478EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53267

Name of the Vulnerable Software and Affected Versions fast-uri versions 2.3.1 through 3.1.2 fast-uri version 4.0.0 Description The software fails to canonicalize Unicode Internationalized Domain Names IDN for HTTP-family URLs. This occurs because the IDN conversion path utilizes a helper missing...

7.5CVSS5.8AI score0.00312EPSS
Exploits0References13
NVD
NVD
added 2026/06/26 2:16 a.m.9 views

CVE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS0.00405EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 1:14 a.m.2 views

CVE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.6CVSS6.8AI score0.00405EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 1:14 a.m.8 views

EUVD-2026-39614

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS6.6AI score0.00405EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in libssh

A flaw was discovered in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could create specific hostnames that, when processed by the matchpattern function, could lead to inefficient regular expression backtracking. This could cause timeouts and resource...

5.5CVSS6.5AI score0.00223EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/23 9:22 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the JDKFromStringDeserializer class, which constructs InetSocketAddress and resolves the hostname through DNS at deserialization time. An attacker can force the server to issue outbound DNS lookups fo...

6.9CVSS5.8AI score0.00219EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:34 p.m.4 views

CVE-2026-54275

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the serverhostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request serverhostname...

6.9CVSS5.8AI score0.00266EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/22 1:34 p.m.2 views

OPENSUSE-SU-2026:21144-1 Security update for mbedtls

This update for mbedtls fixes the following issues: Changes in mbedtls: - Update to 3.6.6 LTS maintenance update from 3.6.1; security fixes accumulated across the 3.6.2-3.6.6 releases: CVE-2024-49195 boo1231708: buffer underrun in pkwrite when writing an opaque key pair CVE-2025-27809 boo1240051:...

9.8CVSS6.4AI score0.0199EPSS
Exploits5References27
Github Security Blog
Github Security Blog
added 2026/06/17 6:52 p.m.15 views

CakePHP Authentication: Open redirect weakness via backslash bypass

Impact The getLoginRedirect method contains a weakness to backslash bypasses allowing redirect targets with attacker controlled hostnames. Patches 3.3.6 and 4.1.1 contain a fix for this issue. Workarounds If you are unable to upgrade, you should consider adding application validation to the...

6.1CVSS5.3AI score0.0028EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50603

Name of the Vulnerable Software and Affected Versions CakePHP Authentication versions prior to 2.11.1 CakePHP Authentication versions prior to 3.3.6 CakePHP Authentication versions prior to 4.1.1 Description The getLoginRedirect function contains a weakness to backslash bypasses. This allows...

6.1CVSS5.9AI score0.0028EPSS
Exploits0References17
Snyk
Snyk
added 2026/06/16 7:2 p.m.4 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SNICheck process. An attacker can gain unauthorized access to protected backends by completing a TLS handshake using a permissive SNI and then sending an HTTP Host header...

10CVSS6AI score0.00245EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.8 views

openSUSE 16 Security Update : NetworkManager (openSUSE-SU-2026:20911-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20911-1 advisory. Security fixes: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359. Other fixes: - Accept localhost hostnames if static...

3.3CVSS5.6AI score0.00162EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/08 12:0 a.m.16 views

Security update for NetworkManager (moderate)

openSUSE security update: security update for networkmanager ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20911-1 Rating: moderate References: bsc1257359 bsc1257366 Cross-References: CVE-2025-9615 CVSS scores: CVE-2025-9615 SUSE : 5.5...

5.5CVSS5.4AI score0.00162EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 1:57 p.m.5 views

SUSE-SU-2026:22047-1 Security update for NetworkManager

This update for NetworkManager fixes the following issues: Security fixes: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359. Other fixes: - Accept localhost hostnames if static bsc1257366...

3.3CVSS5.2AI score0.00162EPSS
Exploits0References4
OSV
OSV
added 2026/06/05 1:57 p.m.5 views

SUSE-SU-2026:22086-1 Security update for NetworkManager

This update for NetworkManager fixes the following issues: Security fixes: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359. Other fixes: - Accept localhost hostnames if static bsc1257366...

3.3CVSS5.2AI score0.00162EPSS
Exploits0References4
OSV
OSV
added 2026/06/05 1:54 p.m.8 views

OPENSUSE-SU-2026:20911-1 Security update for NetworkManager

This update for NetworkManager fixes the following issues: Security fixes: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359. Other fixes: - Accept localhost hostnames if static bsc1257366...

3.3CVSS5.2AI score0.00162EPSS
Exploits0References3
OSV
OSV
added 2026/06/02 11:16 p.m.12 views

UBUNTU-CVE-2026-27145

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

7.5CVSS5.5AI score0.00939EPSS
Exploits0References5
OSV
OSV
added 2026/05/30 6:3 p.m.25 views

RLSA-2026:20597 Moderate: glibc security update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

6.5CVSS5.9AI score0.0038EPSS
Exploits3References4
Rows per page
Query Builder