17278 matches found
CVE-2026-53727
Summary: Multiple sources confirm a vulnerability in css_parser prior to 3.0.0 where CssParser::Parser#read_remote_file, Parser#load_uri!, and Parser#add_block! follow HTTP(S) redirects and even service file:// URIs without proper host/scheme filtering, enabling SSRF to internal hosts and potenti...
CVE-2026-47184
CVE-2026-47184 affects the python-zeroconf project. DNSCache._async_add can insert every response record into cache, expirations, expire_heap, and service_cache without a cap, enabling unauthenticated LAN hosts on UDP/5353 (224.0.0.251 / ff02::fb) to multicast valid mDNS responses with unique nam...
SUSE CVE-2024-10006
A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using Headers in L7 traffic intentions could bypass HTTP header based access rules...
CVE-2026-35146
The CVE-2026-35146 record concerns HCL DFXServer and describes an Unencrypted Communication vulnerability. The issue allows connections over unencrypted HTTP channels, enabling a remote attacker to intercept traffic and access sensitive data transmitted between the user and the server. The provid...
WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection
WordPress Visitor Statistics Real Time Traffic plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks. id: CVE-2021-247...
CVE-2026-56743
Cilium is a networking, observability, and security solution. From 1.19.0 to 1.19.4, standard Kubernetes NetworkPolicy specifications using CIDR-based ipBlock rules without pod or namespace selectors erroneously generate a wildcard namespace allow rule when Cilium is configured with a custom...
CVE-2026-56742
Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant...
CVE-2026-49445
Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints,...
CVE-2026-40955
CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...
CVE-2026-40954
CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...
EUVD-2026-44788
CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...
CVE-2026-40955 Integer underflow vulnerability in Secure Access clients
CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...
CVE-2026-40955
CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...
CVE-2026-40955
CVE-2026-40955 describes an integer underflow in the traffic parsing function of Secure Access clients prior to 14.55. The vulnerability allows attackers with intimate knowledge of and total control over the tunnel protocol to cause a non-persistent Denial of Service against their client. Affecte...
EUVD-2026-44787
CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...
CVE-2026-40954
CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...
CVE-2026-40954
The CVE-2026-40954 entry describes an integer underflow in the traffic parsing function of Secure Access clients prior to 14.55. The vulnerability can be exploited by attackers with intimate knowledge of and total control over the tunnel protocol to cause a non-persistent DoS against their client...
CVE-2026-56743 Cilium may unexpectedly allow ingress traffic from the local namespace when a Kubernetes NetworkPolicy is configured with an ipBlock match
Cilium is a networking, observability, and security solution. From 1.19.0 to 1.19.4, standard Kubernetes NetworkPolicy specifications using CIDR-based ipBlock rules without pod or namespace selectors erroneously generate a wildcard namespace allow rule when Cilium is configured with a custom...
nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling
A flaw was found in Node.js. This vulnerability in the TLS Transport Layer Security hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose...
undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing
A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from...