PT-2026-41974

Summary Multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker can append the matched substrings to an attacker-controlled endpoint and capture authentication. Details api/services/website/cacheAddress.js,...

@cyclonedx/cdxgen: Docker registry auth substring match forwards credentials to a different registry

Docker registry auth substring match forwards credentials to a different registry Repository cdxgen/cdxgen Affected product/package - Ecosystem: npm - Package: @cyclonedx/cdxgen - Reviewed tree version: 12.3.3 - Reviewed commit: b1e179869fd7c6032c3d483c3f7bd4d7154ec22b - Affected file:...

EUVD-2026-24151

Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching...

CVE-2026-25542

Tekton Pipelines CVE-2026-25542 affects versions 0.43.0–1.11.0. The vulnerability arises because trusted resources verification policies compare refSource.URI against spec.resources[].pattern using Go’s regexp.MatchString, which reports a match if the pattern appears anywhere in the string. Unanc...

CVE-2026-27656

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to properly validate user identity in the OpenID IsSameUser comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user...

Incorrect Implementation of Authentication Algorithm

Overview github.com/mattermost/mattermost-server is an open source Slack-alternative in Golang and React. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm in the IsSameUser function. An attacker can gain unauthorized access to arbitrary user...

GHSA-FG35-5RF6-QG3G Mattermost allows attackers to take over arbitrary user accounts via overly permissive substring matching flaw

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to properly validate user identity in the OpenID IsSameUser comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user...

CVE-2026-27656

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to properly validate user identity in the OpenID IsSameUser comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user...

CVE-2026-27656

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to properly validate user identity in the OpenID IsSameUser comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user...

CVE-2026-27656 Account Takeover via Substring Matching in OpenID Connect Authentication

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to properly validate user identity in the OpenID IsSameUser comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user...

CVE-2026-27656

Mattermost contains a vulnerability (CVE-2026-27656) where versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, and 10.11.x

Improper Input Validation

@digitalocean/do-markdownit is vulnerable to Improper Input Validation. The vulnerability is due to the callout and fenceenvironment plugins using .includes substring matching when allowedClasses or allowedEnvironments are strings instead of arrays, which allows an attacker to bypass intended...

EUVD-2005-3139

Malware in sbrugna...

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...

@digitalocean/do-markdownit has Type Confusion vulnerability

Overview A type confusion issue exists in the @digitalocean/do-markdownit package. In the callout and fenceenvironment plugins, the allowedClasses and allowedEnvironments options are expected to be arrays of strings. If these options are provided as a single string, the code applies .includes...

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...

CVE-2025-59717

The CVE concerns the @digitalocean/do-markdownit package (through v1.16.1). The callout and fence_environment plugins treat allowedClasses/allowedEnvironments as strings by using a substring check, instead of requiring an array. This leads to a type confusion-like behavior and potential bypass of...

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...

PT-2025-38507

Name of the Vulnerable Software and Affected Versions @digitalocean/do-markdownit versions through 1.16.1 Description The callout and fence environment plugins in the @digitalocean/do-markdownit package perform .includes substring matching if allowedClasses or allowedEnvironments is a string...