
1964 matches found

CVE
added yesterday, 4 views

CVE-2026-14039

Affected software: Google Chrome's GetUserMedia implementation. The CVE describes insufficient policy enforcement that allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. Root cause: policy enforcement gap in GetUserMedia. Impact: bypassing same-origin checks; pote...

5.8 AI score
Exploits: 0, References: 2

CVE
added yesterday, 4 views

CVE-2026-13876

CVE-2026-13876 affects Google Chrome’s Network implementation. The flaw is an inappropriate implementation that lets an attacker in a privileged network position bypass the Content Security Policy through malicious network traffic. Impact and scope are limited to Chrome builds prior to version 15...

5.8 AI score
Exploits: 0, References: 2

CVE
added yesterday, 4 views

CVE-2026-56377

ImageMagick is vulnerable to a policy bypass due to an incorrect path check in sandboxed conversion services. Affects ImageMagick before 7.1.2-24, where a crafted request could allow remote or local attackers to create or truncate files outside allowed boundaries by bypassing path policy restrictio...

4.8 CVSS, 5.9 AI score
Exploits: 0, References: 2

SUSE CVE
added yesterday, 5 views

SUSE CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.2 CVSS, 5.8 AI score, 0.00278 EPSS
Exploits: 0, References: 3

Positive Technologies
added yesterday, 3 views

PT-2026-54046

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-24. Description: An incorrect policy check allows remote attackers to bypass path policy restrictions in sandboxed conversion services. This flaw enables the creation or truncation of files that are disallowed...

4.8 CVSS, 5.9 AI score
Exploits: 0, References: 4

RedhatCVE
added 2 days ago, 8 views

CVE-2026-13676

A flaw was found in fast-uri. This vulnerability occurs because fast-uri fails to properly convert Unicode Internationalized Domain Name (IDN) hostnames for HTTP-family URLs. This can lead to a situation where security policies, such as denylists or redirect validations, are bypassed when...

7.5 CVSS, 5.7 AI score, 0.00278 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2 days ago, 5 views

gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName (DNS) or rfc822Name (email) constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

7.4 CVSS, 5.8 AI score, 0.00566 EPSS
Exploits: 1, References: 5

OSV
added 2 days ago, 5 views

DEBIAN-CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5 CVSS, 5.8 AI score, 0.00278 EPSS
Exploits: 0, References: 1

NVD
added 2 days ago, 9 views

CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5 CVSS, 0.00278 EPSS
Exploits: 0, References: 5

EUVD
added 2 days ago, 7 views

EUVD-2026-40093

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5 CVSS, 5.8 AI score, 0.00278 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2 days ago, 8 views

CVE-2026-13676 fast-uri vulnerable to host confusion via failed IDN canonicalization

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5 CVSS, 5.8 AI score, 0.00278 EPSS
Exploits: 0, References: 2

Cvelist
added 2 days ago, 34 views

CVE-2026-13676 fast-uri vulnerable to host confusion via failed IDN canonicalization

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5 CVSS, 0.00278 EPSS
Exploits: 0, References: 2

Debian CVE
added 2 days ago, 4 views

CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5 CVSS, 5.8 AI score, 0.00278 EPSS
Exploits: 0

RedHat Linux
added 2 days ago, 5 views

gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName (DNS) or rfc822Name (email) constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

7.4 CVSS, 5.8 AI score, 0.00566 EPSS
Exploits: 1, References: 5

RedHat Linux
added 2 days ago, 7 views

ImageMagick: ImageMagick: Denial of Service due to resource policy bypass in PSD decoder

A flaw was found in ImageMagick. A missing check in the PSD (Photoshop Document) decoder allows an attacker to bypass the list-length resource policy when processing a specially crafted PSD image. This could lead to a denial of service (DoS) condition by consuming excessive resources...

7.5 CVSS, 5.7 AI score, 0.00495 EPSS
Exploits: 0, References: 5

RedhatCVE
added 2 days ago, 6 views

CVE-2026-55603

A flaw was found in http-proxy-middleware. A remote attacker could exploit a vulnerability in the fixRequestBody function, which is used to re-emit a request body. By injecting carriage return and line feed characters (\r\n) into a request body key or value, an attacker can bypass security policies...

7.5 CVSS, 5.8 AI score, 0.00243 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2 days ago, 7 views

PT-2026-53267

Name of the Vulnerable Software and Affected Versions: fast-uri versions 2.3.1 through 3.1.2; fast-uri version 4.0.0. Description: The software fails to canonicalize Unicode Internationalized Domain Names (IDN) for HTTP-family URLs. This occurs because the IDN conversion path utilizes a helper missing...

7.5 CVSS, 5.8 AI score, 0.00278 EPSS
Exploits: 0, References: 8

Tenable Nessus
added 2 days ago, 6 views

RHEL 9 : gnutls (RHSA-2026:32962)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:32962 advisory. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such a...

9.8 CVSS, 6.1 AI score, 0.01335 EPSS
Exploits: 1, References: 26

RedhatCVE
added 5 days ago, 8 views

CVE-2026-48928

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

5.4 CVSS, 5.7 AI score, 0.00247 EPSS
Exploits: 0, References: 4

CVE
added 5 days ago, 9 views

CVE-2026-55189

RustFS (distributed object storage in Rust) contains a vulnerability from 1.0.0-alpha.1 through 1.0.0-beta.9 where enabling the FTP frontend lets FTP read and probe handlers bypass the IAM authorization function, allowing authenticated users to read objects and probe buckets regardless of IAM pol...

7.7 CVSS, 5.8 AI score, 0.00201 EPSS
Exploits: 0, References: 1