Lucene search
+L

391 matches found

Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-46644 symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence

Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload is empty or decodes to ASCII-only code points because Idn::process does not enforce the UTS 46...

6.9CVSS0.00394EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/07/09 7:2 p.m.5 views

Security update for rustup

This update for rustup fixes the following issues Security issues: CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243862. CVE-2025-58160: tracing-subscriber: Tracing log pollution bsc1249008. CVE-2026-41676: openssl: Deriver:derive and...

8.7CVSS7.1AI score0.00359EPSS
Exploits1References44
RedHat Linux
RedHat Linux
added 2026/07/07 10:2 a.m.11 views

golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References8
OSV
OSV
added 2026/07/06 12:0 a.m.5 views

ALSA-2026:35830 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-39821 For more details about the security issue...

9.6CVSS6.6AI score0.00478EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/30 1:49 a.m.8 views

SUSE CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.2CVSS5.8AI score0.00369EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/29 5:24 p.m.12 views

CVE-2026-13676

A flaw was found in fast-uri. This vulnerability occurs because fast-uri fails to properly convert Unicode Internationalized Domain Name - IDN hostnames for HTTP-family URLs. This can lead to a situation where security policies, such as denylists or redirect validations, are bypassed when...

7.5CVSS5.7AI score0.00369EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 1:22 p.m.33 views

CVE-2026-13676

The CVE concerns the fast-uri library (versions 2.3.1–3.1.2 and 4.0.0) where the IDN host canonicalization path fails to normalize Unicode hosts for HTTP URLs. A helper used in IDN conversion does not exist on the global URL constructor, leaving the host in Unicode form while normalize() and equa...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References12Affected Software1
Snyk
Snyk
added 2026/06/26 2:8 a.m.9 views

Improper Handling of Unicode Encoding

Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the checkServerIdentity function in lib/tls.js, which does not normalize an internationalized hostname to ASCII before matching it against certificate names. An attacker presenting a certificate...

7.7CVSS7.4AI score0.02486EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 9:9 a.m.3 views

SUSE-SU-2026:22242-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers bsc1236533. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...

10CVSS7AI score0.91969EPSS
Exploits3References37
Amazon
Amazon
added 2026/06/12 12:0 a.m.19 views

Important: docker

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-45409

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA...

6.9CVSS6.2AI score0.00408EPSS
Exploits0References4
NVD
NVD
added 2026/06/05 11:16 p.m.12 views

CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS0.00408EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 11:16 p.m.14 views

PYSEC-2026-215

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

5.3CVSS6.1AI score0.00408EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 11:16 p.m.7 views

DEBIAN-CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

5.3CVSS6.3AI score0.00408EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 11:16 p.m.9 views

UBUNTU-CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS5.4AI score0.00408EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/05 10:6 p.m.12 views

CVE-2026-45409 Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS5.4AI score0.00408EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 10:6 p.m.52 views

CVE-2026-45409

CVE-2026-45409 affects Python’s IDNA handling (idna.encode) in Python-idna. A specially crafted input could cause heavy resource consumption and potential DoS. The issue mirrors CVE-2024-3651; fixes were extended in 3.14–3.15 to reject long inputs earlier and more broadly (per-label conversions a...

6.9CVSS6.3AI score0.00408EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/05 10:6 p.m.35 views

CVE-2026-45409 Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS0.00408EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

Internationalized Domain Names in Applications 安全漏洞

Internationalized Domain Names in Applications is a tool for encoding and decoding internationalized domain names, developed by Kim Davies as a personal project. Versions of Internationalized Domain Names in Applications prior to version 3.15 contained a security vulnerability. This vulnerability...

6.9CVSS6.2AI score0.00408EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.11 views

PT-2026-43392

Name of the Vulnerable Software and Affected Versions symfony/polyfill-intl-idn versions prior to 1.x Description The Idn::process function fails to enforce the validity criterion defined in UTS 46 revision 33 Section 4 step 4.1.2. Specifically, it does not verify that a label prefixed with xn--...

6.9CVSS5.9AI score0.00394EPSS
Exploits0References21
Rows per page
Query Builder