154 matches found
CVE-2026-11225
Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Low...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper implementation of the WebUI. This vulnerability could allow remote attackers to perform domain name spoofing through a speciall...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper implementation of the Cronet component in the Android version. This vulnerability could allow remote attackers to perform domai...
Malicious code in cdktn-provider-newrelic (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51996ccf23fd3d3b291f945e2ec88504c93d7e302e183c7633632b8a03d1590d Package name 'cdktn-provider-newrelic' is a single-character edit cdktf→cdktn of HashiCorp's official 'cdktf-provider-newrelic' CDK for Terraform...
CVE-2026-9078
Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...
Mozilla Firefox for iOS 安全漏洞
Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A security vulnerability exists in Mozilla Firefox for iOS prior to version 151.1, which stems from the incorrect display of specially crafted right-to-left domain names and internationalized...
CVE-2026-39821
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...
PT-2026-40788
Three CVEs CVE-2026-29774, CVE-2026-30015, CVE-2026-30221 exploited the fact that the protocol did not, in version 1.2, canonicalize tool names. Multiple servers in the same session could expose tools named, respectively: readfile the legitimate filesystem server…...
Apache ZooKeeper: Apache ZooKeeper: Impersonation of servers or clients via reverse DNS spoofing
A flaw was found in Apache ZooKeeper. The ZKTrustManager component's hostname verification process can fall back to reverse DNS PTR lookup when IP Subject Alternative Name SAN validation fails. This vulnerability allows an attacker who can control or spoof PTR records to impersonate ZooKeeper...
CVE-2026-5895
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted domain name. Chromium security severity: Low...
OpenClaw Access Control Error Vulnerability (CNVD-2026-16624)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A security vulnerability exists in versions prior to OpenClaw 2026.3.12 that stems from a weak authorization issue in the Zalouser whitelisting schema that matches variable group display names instead of stable group...
PT-2026-29583
Name of the Vulnerable Software and Affected Versions Temporal Server versions 1.29.0 and later Description A user with a writer role in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the...
CVE-2026-34716
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo YPTSocket plugin's caller feature renders incoming call notifications using the jQuery Toast Plugin, passing the caller's display name directly as the heading parameter. The toast plugin constructs the heading as...
CVE-2026-32021
OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the Feishu allowFrom allowlist implementation that accepts mutable sender display names instead of enforcing ID-only matching. An attacker can set a display name equal to an allowlisted ID string to bypass...
EulerOS Virtualization 2.12.1 : avahi (EulerOS-SA-2026-1416)
According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where...
EulerOS 2.0 SP10 : avahi (EulerOS-SA-2026-1327)
According to the versions of the avahi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after...
EulerOS 2.0 SP10 : avahi (EulerOS-SA-2026-1301)
According to the versions of the avahi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after...
CVE-2026-28471
OpenClaw version 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate...
CVE-2026-28474
OpenClaw's Nextcloud Talk plugin (versions prior to 2026.2.6) is affected by a flaw in equality matching on the mutable actor.name display name used for allowlist validation, allowing an attacker to spoof a display name to match an allowlisted user ID and gain unauthorized access to restricted co...
CVE-2026-28474 OpenClaw Nextcloud Talk < 2026.2.6 - Allowlist Bypass via actor.name Display Name Spoofing
OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and...