3 matches found
CVE-2026-41591
Marko is a declarative, HTML-based language for building web apps. Prior to marko version 5.38.36 and prior to @marko/runtime-tags 6.0.164, when dynamic text is interpolated into a or tag the Marko runtime failed to prevent tag breakout when the closing tag used non-lowercase casing. An attacker...
chromium-browser: Normalization error in HSTS/HPKP preload list
The DecodeHSTSPreloadRaw function in net/http/transportsecuritystate.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...
Fedora 9 : bitlbee-1.2.2-1.fc9 (2008-7274)
Upstream released Bitlbee 1.2.2 with the following changes to the former release: - Security bugfix: It was possible to hijack accounts without gaining access to the old account, it's simply an overwrite - Some more stability improvements. - Fixed bug where people with non-lowercase nicks couldn'...