EUVD-2026-8679
ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation
Impact: The RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 or 20 bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery...
CVE-2026-22866 ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check...
CVE-2017-18404
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341)...
EUVD-2007-6145
Malware in sbrugna...
EUVD-2000-0010
Malware in sbrugna...
EUVD-2017-9520
Malware in sbrugna...
MAL-2025-20085 Malicious code in express-tld (npm)
The package express-tld was found to contain malicious code...
Malicious code in express-tld (npm)
The package express-tld was found to contain malicious code...
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
Summary: A Server-Side Request Forgery (SSRF) vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set a malicious tld, causing the application to return unsafe URLs pointing towards local...
Server side request forgery (ssrf)
google-translate-api-browser is an npm package which interfaces with the Google Translate web API. A Server-Side Request Forgery (SSRF) vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set ...
CVE-2023-48711 Server-Side Request Forgery (SSRF) Vulnerability in google-translate-api-browser
google-translate-api-browser is an npm package which interfaces with the Google Translate web API. A Server-Side Request Forgery (SSRF) vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set ...
CVE-2023-48711
CVE-2023-48711 corresponds to a Server-Side Request Forgery (SSRF) in google-translate-api-browser. The vulnerability arises when applications expose translateOptions to end users; the translateOptions.tld field is not properly sanitized before embedding in the Google Translate URL, enabling an a...
google-translate-api-browser Code Issue Vulnerability
google-translate-api-browser is the free and unlimited Google Translate API. A code issue vulnerability exists in versions of google-translate-api-browser prior to 4.1.0, which stems from the translateOptions.tld field not being properly cleaned before being placed in a Google Translate URL. An...
PT-2023-7472 · Unknown · Google-Translate-Api-Browser
Name of the Vulnerable Software and Affected Versions: google-translate-api-browser versions prior to 4.1.3
Description: A Server-Side Request Forgery (SSRF) issue is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An...
Subdomain Validation Bypass - ownCloud
Within the oauth2 app an attacker is able to pass in a specially crafted redirect-url which bypasses the validation code and thus allows the attacker to redirect callbacks to a TLD controlled by the attacker...
FortiGuard Labs Discovers .ZIP Domains Fueling Phishing Attacks
By Waqas. According to Fortinet Labs, third parties have already purchased top-level domains (TLDs) such as Joomla.zip and MSNBC.zip, which could potentially be a breach of the Anticybersquatting Consumer Protection Act (ACPA). This is a post from HackRead.com. Read the original post: FortiGuard Labs...
".Zip" top-level domains draw potential for information leaks
Google's recent offering of the ".zip" top-level domain (TLD) has led security researchers and likely threat actors to register numerous domains for red teaming and phishing attacks, respectively, causing new challenges for organizations and cybersecurity professionals. As a result of user...
TLDHunt - Domain Availability Checker
TLDHunt is a command-line tool designed to help users find available domain names for their online projects or businesses. By providing a keyword and a list of TLD (top-level domain) extensions, TLDHunt checks the availability of domain names that match the given criteria. This tool is particularly...
CVE-2022-2837
A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLDs) to a pod they control by creating projects and namespaces that match the TLD...