632 matches found
BIT-NODE-2026-48930
A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...
PT-2026-53267
Name of the Vulnerable Software and Affected Versions fast-uri versions 2.3.1 through 3.1.2 fast-uri version 4.0.0 Description The software fails to canonicalize Unicode Internationalized Domain Names IDN for HTTP-family URLs. This occurs because the IDN conversion path utilizes a helper missing...
CVE-2026-48930
A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
CVE-2026-48930
A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
EUVD-2026-39614
A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
Astra Linux – Vulnerability in libssh
A flaw was discovered in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could create specific hostnames that, when processed by the matchpattern function, could lead to inefficient regular expression backtracking. This could cause timeouts and resource...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the JDKFromStringDeserializer class, which constructs InetSocketAddress and resolves the hostname through DNS at deserialization time. An attacker can force the server to issue outbound DNS lookups fo...
CVE-2026-54275
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the serverhostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request serverhostname...
OPENSUSE-SU-2026:21144-1 Security update for mbedtls
This update for mbedtls fixes the following issues: Changes in mbedtls: - Update to 3.6.6 LTS maintenance update from 3.6.1; security fixes accumulated across the 3.6.2-3.6.6 releases: CVE-2024-49195 boo1231708: buffer underrun in pkwrite when writing an opaque key pair CVE-2025-27809 boo1240051:...
CakePHP Authentication: Open redirect weakness via backslash bypass
Impact The getLoginRedirect method contains a weakness to backslash bypasses allowing redirect targets with attacker controlled hostnames. Patches 3.3.6 and 4.1.1 contain a fix for this issue. Workarounds If you are unable to upgrade, you should consider adding application validation to the...
PT-2026-50603
Name of the Vulnerable Software and Affected Versions CakePHP Authentication versions prior to 2.11.1 CakePHP Authentication versions prior to 3.3.6 CakePHP Authentication versions prior to 4.1.1 Description The getLoginRedirect function contains a weakness to backslash bypasses. This allows...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SNICheck process. An attacker can gain unauthorized access to protected backends by completing a TLS handshake using a permissive SNI and then sending an HTTP Host header...
openSUSE 16 Security Update : NetworkManager (openSUSE-SU-2026:20911-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20911-1 advisory. Security fixes: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359. Other fixes: - Accept localhost hostnames if static...
Security update for NetworkManager (moderate)
openSUSE security update: security update for networkmanager ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20911-1 Rating: moderate References: bsc1257359 bsc1257366 Cross-References: CVE-2025-9615 CVSS scores: CVE-2025-9615 SUSE : 5.5...
SUSE-SU-2026:22047-1 Security update for NetworkManager
This update for NetworkManager fixes the following issues: Security fixes: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359. Other fixes: - Accept localhost hostnames if static bsc1257366...
SUSE-SU-2026:22086-1 Security update for NetworkManager
This update for NetworkManager fixes the following issues: Security fixes: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359. Other fixes: - Accept localhost hostnames if static bsc1257366...
OPENSUSE-SU-2026:20911-1 Security update for NetworkManager
This update for NetworkManager fixes the following issues: Security fixes: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359. Other fixes: - Accept localhost hostnames if static bsc1257366...
UBUNTU-CVE-2026-27145
x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...
RLSA-2026:20597 Moderate: glibc security update
The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...