Lucene search
K

4 matches found

CVE
CVE
added 2026/06/22 3:39 p.m.18 views

CVE-2026-50168

CVE-2026-50168 affects Angular's @angular/platform-server and enables SSRF via a parser differential between the strict WHATWG URL parser (used for allowlists) and Domino’s lenient parser (used for server emulation). A malformed URL with a double-port structure (e.g., http://evil.com:80:80/path) ...

8.8CVSS6.1AI score0.00193EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/03/20 7:16 a.m.5 views

CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

8.1CVSS0.00397EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/09 1:55 a.m.1 views

CVE-2025-66567 ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...

9.3CVSS6.7AI score0.00383EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/03/12 12:0 a.m.3 views

OneLogin ruby-saml 安全漏洞

Onelogin OneLogin ruby-saml is a Ruby-based SAML Security Assertion Markup Language library for Single Sign-On SSO services from Onelogin, USA. A security vulnerability exists in OneLogin ruby-saml versions prior to 1.12.4 and 1.18.0, which stems from a parser difference that could lead to...

9.8CVSS9.5AI score0.63792EPSS
Exploits1References8
Rows per page
Query Builder