47 matches found
CISA manage.get.gov incorrect portfolio administrator privileges
RISK EVALUATION manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. 2. RECOMMENDED PRACTICES Fixed in 1.176.0 on or around 2026-04-30. 3. DESCRIPTION...
CVE-2026-22866
Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...
Improper Domain Name Validation
com.liferay.portal, com.liferay.portal.impl is vulnerable to an improper domain name validation. The vulnerability is due to incorrect identification of the subdomain in domain names, which can lead to the creation of a supercookie, allowing an attacker controlling a website with the same top-lev...
EUVD-2025-29207
Malicious code in bioql PyPI...
CVE-2025-43793
Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...
Liferay Portal has Improper Validation of Specified Quantity in Input
Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...
GHSA-XVGG-9H29-4G34 Liferay Portal has Improper Validation of Specified Quantity in Input
Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...
CVE-2025-43793
Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...
CVE-2025-43793
Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...
CVE-2025-43793
Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...
CVE-2025-43793
CVE-2025-43793 affects Liferay Portal (7.4.0–7.4.3.105) and Liferay DXP (2023.Q4.0, 2023.Q3.1–2023.Q3.4, 7.4 GA–update 92, 7.3 GA–update 35). The issue is improper subdomain/domain subcomponent identification that can create a supercookie, enabling remote attackers controlling a website sharing t...
CVE-2025-43793
Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...
PT-2025-37709
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3 GA through update 35 Liferay Portal versions 7.4 GA through update 92 Liferay Portal versions 7.4.0 through 7.4.3.105 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay DXP version 2023.Q4.0 Description Lifera...
DEBIAN-CVE-2025-24358
gorilla/csrf provides Cross Site Request Forgery CSRF prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes...
CVE-2023-49104
An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker...
Input validation
An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker...
CVE-2023-49104
An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker...
CVE-2023-49104
An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker...
What's in a name? Strange behaviors at top-level domains creates uncertainty in DNS
Google introduced the new ".zip" Top Level Domain TLD on May 3, 2023, igniting a firestorm of controversy as security organizations warned against the confusion that was certain to occur. When clicking on a name that ends in ".zip" are people intending to open an archive file or an internet URL?...
CVE-2022-2837
A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains TLD to a pod they control by creating projects and namespaces that match the TLD...