GHSA-FP53-QCF8-2XX2 Bunsink has an SSRF bypass in `validate_webhook_url`

Summary Bugsink’s webhook URL validation in versions 2.1.2 and earlier could be partially bypassed because of a mismatch in URL parsing. In some malformed URLs, Python’s standard URL parser urllib and the HTTP client stack requests / urllib3 do not agree on which host is actually being targeted...

Astra Linux - уязвимость в firefox

An attacker with temporary script access to a website could have set a cookie containing invalid characters using document.cookie, which could lead to unknown errors. This vulnerability affects Firefox versions earlier than 119...

Astra Linux - уязвимость в twisted

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

CVE-2026-40023

Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx11xml11XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets in log messages, NDC, and MDC property keys and values, producin...

CVE-2026-34479

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

Apache Log4j 安全漏洞

Apache Log4j is an open-source logging tool based on Java, developed by the Apache Foundation in the United States. Versions of Apache Log4j Core 2.25.3 and earlier contain security vulnerabilities. These vulnerabilities stem from XmlLayout failing to clean out characters prohibited by the XML 1....

BIT-NODE-MIN-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

GHSA-G2PF-XV49-M2H5 Rack::Request accepts invalid Host characters, enabling host allowlist bypass

Summary Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.host returns the full parsed value, applications that validate hosts using naive prefix or suffix checks can be...

CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

CVE-2026-21712

CVE-2026-21712 affects the Node.js package nodejs24 for versions less than 24.14.1-1 . The issue is a flaw in Node.js URL processing that triggers an assertion failure in native code when url.format() is called with a malformed internationalized domain name (IDN) containing invalid characters, cr...

CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

SUSE SLES15 Security Update : systemd (SUSE-SU-2026:1061-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1061-1 advisory. - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method bsc1259650. - CVE-2026-29111:...

SUSE-SU-2026:1061-1 Security update for systemd

This update for systemd fixes the following issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method bsc1259650. - CVE-2026-29111: local unprivileged user can trigger an assert in systemd bsc1259418. - udev: check for invalid chars in various...

Security update for systemd

This update for systemd fixes the following issues: CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method bsc1259650. CVE-2026-29111: local unprivileged user can trigger an assert in systemd bsc1259418. udev: check for invalid chars in various fields...

SUSE-SU-2026:1040-1 Security update for systemd

This update for systemd fixes the following issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method bsc1259650. - CVE-2026-29111: local unprivileged user can trigger an assert in systemd bsc1259418. - udev: check for invalid chars in various...

SUSE SLES12 Security Update : systemd (SUSE-SU-2026:0991-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0991-1 advisory. This update for systemd fixes the following issue: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method...

SUSE-SU-2026:20826-1 Security update for systemd

This update for systemd fixes the following issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method bsc1259650. - CVE-2026-29111: local unprivileged user can trigger an assert in systemd bsc1259418. - udev: check for invalid chars in various...

Security update for systemd

This update for systemd fixes the following issue: CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method bsc1259650. udev: check for invalid chars in various fields received from the kernel bsc1259697. Changelog: cbf8ee66ee machined: reject invalid cla...

Security update for systemd

This update for systemd fixes the following issues: CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method bsc1259650. CVE-2026-29111: local unprivileged user can trigger an assert in systemd bsc1259418. udev: check for invalid chars in various fields...