24 matches found
CVE-2026-48710
Starlette (Python ASGI framework) contains a Host header validation issue in versions before 1.0.1. The HTTP Host header was not validated when reconstructing request.url, while routing relies on the raw path and request.url, allowing a malformed Host header to make request.url.path differ from t...
Starlette 环境问题漏洞
Starlette is a lightweight ASGI framework/toolkit developed by Encode. It’s ideal for building asynchronous web services using Python. Versions of Starlette prior to 1.0.1 contained an environmental issue vulnerability. This vulnerability stemmed from the lack of validation of the HTTP Host reque...
CVE-2026-8369
CVE-2026-8369 describes an issue in the NAT64 translator of The OpenThread Authors’ OpenThread (affected: OpenThread before commit 26a882d, on all platforms) caused by improper input validation. The vulnerability enables an attacker on an adjacent IPv4 network to inject corrupted IPv6 packets int...
io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...
Security Bulletin:Jetty URI Parser Differences and Potential Security Implications
Summary The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs...
PT-2026-25778
Name of the Vulnerable Software and Affected Versions pyOpenSSL versions 0.14.0 through 25.9.9 Description pyOpenSSL is a Python wrapper around the OpenSSL library. If a user-provided callback to the set tlsext servername callback function raised an unhandled exception, a connection would be...
CVE-2026-26958
A flaw was found in filippo.io/edwards25519, a Go library used for cryptographic operations. This vulnerability occurs in the MultiScalarMult function when it processes points that are not properly initialized or are not the identity point. Such conditions can lead to incorrect cryptographic...
USN-8025-1: .NET vulnerability
Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data. An attacker could possibly use this issue to bypass security checks and gain unauthorized access or perform data manipulation...
EUVD-2023-1303
Malicious code in bioql PyPI...
EUVD-2025-6969
Malicious code in bioql PyPI...
BIT-GOLANG-2025-47910 CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...
CVE-2025-54248 Adobe Experience Manager | Improper Input Validation (CWE-20)
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Scope is...
Linux Distros Unpatched Vulnerability : CVE-2023-20860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismat...
AZL-50268 CVE-2024-9407 affecting package podman 4.1.1-26
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...
Vulnerabilities fixed in MISP
The developers of MISP have fixed vulnerabilities in MISP. The vulnerabilities allow a malicious person to to bypass security measures. The MISP community has released updates to fix the vulnerabilities fixes in MISP. For more information, see: https://github.com/MISP/MISP/commit...
The vulnerability of the Microsoft.Data.Sqlclient (MDS) and System.Data.Sqlclient (SDS) libraries in Microsoft.NET Framework and.NET programming platforms is related to security configuration errors. This vulnerability allows attackers to bypass security restrictions and execute a type of “man-in-the-middle” attack.
The vulnerability of the Microsoft.Data.Sqlclient MDS and System.Data.Sqlclient SDS libraries in Microsoft.NET Framework and.NET programming platforms is related to security configuration errors. Exploiting this vulnerability can allow an attacker to bypass security restrictions and execute a...
squid: Request/Response smuggling in HTTP/1.1 and ICAP
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...
PT-2023-3815 · Microsoft · Windows Remote Desktop Client +1
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Remote Desktop Client affected versions not specified Description: The issue is related to errors in security settings, allowing a remote attacker to bypass existing security restrictions. This can potentially affect the...
PT-2022-24914 · Microsoft · Azure Rtos Usbx
Name of the Vulnerable Software and Affected Versions: Azure RTOS USBX versions prior to 6.1.12 Description: The USB DFU UPLOAD functionality in Azure RTOS USBX may be utilized to introduce a buffer overflow, resulting in the overwrite of memory contents. In particular cases, this may allow an...
The vulnerability of Microsoft Excel spreadsheet editors and the Microsoft 365 Apps for Enterprise suite, related to access control deficiencies, allows attackers to bypass existing security measures.
The vulnerability of Microsoft Excel spreadsheet editors and the Microsoft 365 Apps for Enterprise suite is related to deficiencies in access control. Exploiting this vulnerability could allow a perpetrator to bypass existing security measures...