491 matches found
CVE-2026-10666 Stack buffer overflow in `net_ipaddr_parse()` IPv4 address-with-port parsing in `subsys/net/ip/utils.c`
parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...
SUSE CVE-2026-8924
A flaw in curl's cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...
libcurl 7.46.0 < 8.21.0 Super Cookie PSL Bypass (CVE-2026-8924)
The version of libcurl installed on the remote host is 7.46.0 prior to 8.21.0. It is, therefore, affected by a cookie injection vulnerability: - A flaw in curl's cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an...
SSH Configuration Injection
Coder is vulnerable to SSH Configuration Injection. The vulnerability is due to coder config-ssh writing server-supplied HostnameSuffix and SSHConfigOptions into the user's /.ssh/config without properly sanitizing embedded newlines or restricting SSH directives, which allows an attacker controlli...
CVE-2026-48828
The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based shouldhidevalueforkey check which triggers on secret-suffixed key names like password / token / secret could not fire for JSON-decodable variable values. An authenticated UI/API user...
CVE-2026-48828
The CVE-2026-48828 issue affects Apache Airflow’s Bulk Variables API: the redactor was invoked without passing the variable key, so the key-based should_hide_value_for_key check (triggered by secret-suffixed keys like *_password, *_token, *_secret) could not redact JSON-typed variable values. An ...
CVE-2026-8924
A flaw was found in curl's cookie parsing logic. A malicious HTTP server can exploit this by setting 'super cookies' that bypass the Public Suffix List check. This allows an attacker-controlled origin to inject cookies that curl then transmits to unrelated third-party domains, leading to...
PT-2026-56071
Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description The coder config-ssh command writes server-supplied SSH settings into the user's /.ssh/config file without...
CVE-2026-10657 Out-of-bounds read in Zephyr DNS resolver mDNS suffix check (memcmp past string NUL)
Zephyr's DNS resolver detects mDNS .local queries in dnsresolvenameinternal subsys/net/lib/dns/resolve.c with memcmpstrrchrquery, '.', ".local", 7, which always reads a fixed 7 bytes from the suffix pointer. When the resolved hostname's final label is shorter than 7 bytes e.g. names ending in .or...
CVE-2026-10657
The CVE-2026-10657 vulnerability affects Zephyr's DNS resolver when MDNS (CONFIG_MDNS_RESOLVER) is enabled. The code uses memcmp(strrchr(query, '.'), ".local", 7) to detect mDNS queries, reading a fixed 7 bytes from the suffix pointer. If the final label is shorter than 7 bytes (e.g., .org, .com,...
ALPINE-CVE-2026-8924
A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...
CVE-2026-8924
A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...
CVE-2026-8924
CVE-2026-8924 – curl cookie parsing flaw. The vulnerability arises from curl’s cookie parsing logic, enabling a malicious HTTP server to set ‘super cookies’ that bypass the Public Suffix List check. This allows an attacker-controlled origin to inject cookies that curl subsequently scopes and tran...
EUVD-2026-41505
A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...
CVE-2026-8924 trailing dot domain super cookie
A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...
CVE-2026-8924 trailing dot domain super cookie
A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...
CVE-2026-8924
A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...
curl: curl: Cookie injection via malicious HTTP server using super cookies
A flaw was found in curl's cookie parsing logic. A malicious HTTP server can exploit this by setting 'super cookies' that bypass the Public Suffix List check. This allows an attacker-controlled origin to inject cookies that curl then transmits to unrelated third-party domains, leading to...
GHSA-XWW8-GQVH-92X9 OpenClaw: Exec approval display truncation could hide the command being approved
Summary OpenClaw exec approvals could show a shortened command in the approval UI while keeping the full original command for execution. For very long commands, an approver could see and approve a benign-looking prefix while a hidden suffix remained part of the command that would run after...
EUVD-2026-41259
PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check issuer.startswith' https://ci.eclipse.org ' in isissuerknown, pia/models.py:139 instead of validating the issuer as a properly host-bounded URL. An attacker can craft an issuer such as https://[email protected]...