47 matches found

Positive Technologies
added 4 days ago · 5 views

PT-2026-47551

Summary: Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name server for a subdomain can poison the cache for parent domains like .co.uk. Details: In...

8.7 CVSS · 5.5 AI score
Exploits 0 · References 5
Positive Technologies
added 4 days ago · 7 views

PT-2026-47614

Name of the Vulnerable Software and Affected Versions: Netty io.netty:netty-resolver-dns (affected versions not specified). Description: Insufficient validation of the bailiwick of NS records in DnsResolveContext allows for DNS Cache Poisoning. An attacker controlling an authoritative name server for a...

8.7 CVSS · 5.5 AI score
Exploits 0 · References 6
OSV
added 2026/05/04 1:12 p.m. · 4 views

JLSEC-2026-419 When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's...

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

5.9 CVSS · 6.8 AI score · 0.00725 EPSS
Exploits 1 · References 16
OSV
added 2026/01/05 3:54 p.m. · 3 views

CLSA-2026-1767628458 curl: Fix of CVE-2024-9681

CVE-2024-9681: improve HSTS subdomain handling to prevent incorrectly overriding parent domain entries...

6.5 CVSS · 6.8 AI score · 0.00725 EPSS
Exploits 1 · References 1
OSV
added 2025/12/03 2:49 p.m. · 3 views

CLSA-2025-1764773365 curl: Fix of CVE-2024-9681

CVE-2024-9681: improve HSTS subdomain handling to prevent incorrectly overriding parent domain entries...

6.5 CVSS · 6.6 AI score · 0.00725 EPSS
Exploits 1 · References 1
Tenable Nessus
added 2025/11/20 12:00 a.m. · 5 views

TencentOS Server 4: curl (TSSA-2024:0874)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0874 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

6.5 CVSS · 6.6 AI score · 0.00725 EPSS
Exploits 1 · References 2
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2024-53316

Malicious code in bioql PyPI...

5.5 CVSS · 6.4 AI score · 0.00068 EPSS
Exploits 0 · References 2
Snyk
added 2025/09/22 9:09 p.m. · 1 view

Cross-site Scripting (XSS)

Overview: @meshconnect/web-link-sdk is a client-side JS library for integrating with Mesh Connect. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the createLink.openLink function. An attacker can execute arbitrary JavaScript code in the context of the parent pag...

8.2 CVSS · 5.3 AI score · 0.00078 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/08/07 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-56668

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain. The qi_batch is allocated when...

5.5 CVSS · 6 AI score · 0.00068 EPSS
Exploits 0 · References 3
Amazon
added 2025/06/23 12:00 a.m. · 2 views

Medium: curl

Issue Overview: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform...

6.5 CVSS · 6.7 AI score · 0.00725 EPSS
Exploits 1
Tenable Nessus
added 2025/05/17 12:00 a.m. · 5 views

EulerOS Virtualization 2.12.0 : curl (EulerOS-SA-2025-1568)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server...

6.5 CVSS · 6.5 AI score · 0.00725 EPSS
Exploits 2 · References 3
CVE
added 2025/03/12 2:00 p.m. · 60 views

CVE-2025-27794

Summary: CVE-2025-27794 affects Flarum versions prior to 1.8.10, where an attacker-controlled authoritative subdomain can set cookies for the parent domain, potentially enabling session hijacking on sibling subdomains. What is affected: Flarum core (pre-1.8.10) with cookies scoped to a parent dom...

6.8 CVSS · 6.6 AI score · 0.00377 EPSS
Exploits 0 · References 3 · Affected Software 1
AstraLinux
added 2025/02/11 7:35 a.m. · 1 view

Astra Linux - vulnerability in curl

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

6.5 CVSS · 6.9 AI score · 0.00725 EPSS
Exploits 1 · References 3
Amazon
added 2025/01/09 12:00 a.m. · 2 views

Medium: curl

Issue Overview: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform...

6.5 CVSS · 6.9 AI score · 0.00725 EPSS
Exploits 1
OSV
added 2024/12/27 3:15 p.m. · 1 view

UBUNTU-CVE-2024-56668

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain. The qi_batch is allocated when assigning cache tag for a domain. While for nested parent domain, it is missed. Hence, when trying to map pages to the nested parent, NU...

5.5 CVSS · 6.5 AI score · 0.00068 EPSS
Exploits 0 · References 5
Debian CVE
added 2024/12/27 3:06 p.m. · 12 views

CVE-2024-56668

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain. The qi_batch is allocated when assigning cache tag for a domain. While for nested parent domain, it is missed. Hence, when trying to map pages to the nested parent, NU...

5.5 CVSS · 5.6 AI score · 0.00068 EPSS
Exploits 0
CVE
added 2024/12/27 3:06 p.m. · 53 views

CVE-2024-56668

The CVE-2024-56668 issue affects the Linux kernel iommu/vt-d path where qi_batch could be NULL for nested parent domains, risking a kernel NULL pointer dereference and a potential memory leak due to lack of locking around domain->qi_batch allocation. The root cause is that qi_batch was not all...

5.5 CVSS · 6.3 AI score · 0.00068 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/12/27 3:06 p.m. · 2 views

CVE-2024-56668 iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain. The qi_batch is allocated when assigning cache tag for a domain. While for nested parent domain, it is missed. Hence, when trying to map pages to the nested parent, NU...

5.8 AI score · 0.00068 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/12/27 12:00 a.m. · 1 view

PT-2024-36978 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.13.0-rc1-00028-g4b50c3c3b998-dirty Description: A NULL pointer dereference issue has been resolved in the Linux kernel's iommu/vt-d component. The issue occurs when trying to map pages to a nested parent domai...

5.5 CVSS · 7.4 AI score · 0.00068 EPSS
Exploits 0 · References 13
OSV
added 2024/11/15 12:19 p.m. · 1 view

OESA-2024-2389 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later th...

6.5 CVSS · 7 AI score · 0.00725 EPSS
Exploits 1 · References 2