61495 matches found
EUVD-2026-18478
Rack::Request accepts invalid Host characters, enabling host allowlist bypass
Summary: Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.host returns the full parsed value, applications that validate hosts using naive prefix or suffix checks can be...
CVE-2026-35459
creationtimestamp| type| source
---|---|---
2026-04-02 20:36:20+00:00| published-proof-of-concept| https://github.com/pyload/pyload/security/advisories/GHSA-7gvf-3w72-p2pg
2026-04-06 21:21:26+00:00| published-proof-of-concept| Telegram/xKxKUYX0BRejEqYlrURXsjCQY9BctYcoeewNmSMWqY7riM
2026-04-06...
GHSA-5RRM-6QMQ-2364
creationtimestamp| type| source
---|---|---
2026-04-02 19:27:20+00:00| published-proof-of-concept| Telegram/zJs9VhJAI5JOvrL4hzeWnrOleMDgHArbbwhOuzjaL80cudA
2026-04-03 02:18:18+00:00| seen| https://bsky.app/profile/cyber-news-fi.bsky.social/post/3miknqzyvft2x...
CVE-2026-5354
creationtimestamp| type| source
---|---|---
2026-04-02 18:50:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mijupvycp32g...
CVE-2026-5353
creationtimestamp| type| source
---|---|---
2026-04-02 18:40:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miju5yzr5j2i...
EUVD-2026-18436
A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent...
EUVD-2026-18426
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied HTTP input. An...
CVE-2026-34120
creationtimestamp| type| source
---|---|---
2026-04-02 18:30:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mijtnewzrz2z
2026-04-02 19:26:29+00:00| seen| Telegram/tHMZo4t6KJ7O3rHGS3YAWNGCGRHee0gil3YJsfVKclsQ...
CVE-2026-34122
A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively long value for a vulnerable configuration parameter,...
CVE-2026-34120
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs. An attacker on the same network segment could...
CVE-2026-34119
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary validation when handling externally supplied HTTP input. An...
CVE-2026-34118
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied HTTP input. An...
CVE-2026-27774
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image Windows before build 42902...
CVE-2026-34118
creationtimestamp| type| source
---|---|---
2026-04-02 18:15:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mijsrw5c7725
2026-04-02 19:26:29+00:00| seen| Telegram/tHMZo4t6KJ7O3rHGS3YAWNGCGRHee0gil3YJsfVKclsQ...
CVE-2026-34122
creationtimestamp| type| source
---|---|---
2026-04-02 18:13:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mijsnrrg6w2q
2026-04-02 19:26:54+00:00| seen| Telegram/Wnflj9AVRNFcbzmT8RV9QbE39gd8mxBym86BZleqlS4uOZ8...
CVE-2026-34121
creationtimestamp| type| source
---|---|---
2026-04-02 18:03:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mijs4szzh22j
2026-04-02 19:26:54+00:00| seen| Telegram/Wnflj9AVRNFcbzmT8RV9QbE39gd8mxBym86BZleqlS4uOZ8...
CVE-2026-35450
creationtimestamp| type| source
---|---|---
2026-04-02 17:59:18+00:00| published-proof-of-concept| https://github.com/WWBN/AVideo/security/advisories/GHSA-2vg4-rrx4-qcpq...
CVE-2026-34794
creationtimestamp| type| source
---|---|---
2026-04-02 17:28:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mijq5z75b62d
2026-04-02 17:38:00+00:00| seen| Telegram/-NvE3DOHeY-1Q0zG5YCstM01cFOFdgBxqrRb0oXZGokSQ
2026-04-03 08:00:23+00:00| seen|...
CVE-2026-33746
creationtimestamp| type| source
---|---|---
2026-04-02 17:23:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mijpv2pqdw27
2026-04-02 17:38:06+00:00| published-proof-of-concept| Telegram/MQ6ai6F8nIsMgggTBJXuPSpPwamg57gds1UAnW3xco8kE
2026-04-02 18:52:03+00:00| seen|...