USN-8409-1 uriparser vulnerability

It was discovered that uriparser incorrectly handled certain URI strings. An attacker could possibly use this issue to cause uriparser to crash, resulting in a denial of service...

CVE-2026-49233

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

EUVD-2026-35063

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

CVE-2026-7186

CVE-2026-7186 describes a stored cross-site scripting flaw in the Dashboard URL widget of Checkmk for versions <2.5.0p5, <2.4.0p31,

CVE-2026-40118

UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing...

CVE-2019-25735 AllPlayer 7.4 Local Buffer Overflow via SEH Unicode

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code...

CVE-2026-44353

A flaw was found in Streamlink. Its HLS HTTP Live Streaming and DASH Dynamic Adaptive Streaming over HTTP parsers do not properly validate the URI Uniform Resource Identifier scheme of segment entries. A remote attacker could craft a malicious HLS playlist or DASH manifest to include local file...

CVE-2026-8993

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF Server Side...

UBUNTU-CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

CVE-2026-44353

Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...

[SECURITY] Fedora 43 Update: uriparser-1.0.2-1.fc43

Uriparser is a strictly RFC 3986 compliant URI parsing library written in C. uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license...

CVE-2026-42012

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

CVE-2026-42012

CVE-2026-42012 affects the GnuTLS library. A remote attacker can craft a certificate with URI or SRV SANs that causes the validator to fall back to CN checks, bypassing proper SAN validation and enabling potential impersonation/MITM. Documented in multiple advisories and patches across distros: o...

CVE-2026-42012

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

EUVD-2026-32010

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

EUVD-2026-31933

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts e.g., regex patterns and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected...

CVE-2026-48700

A flaw was found in PCManFM-Qt. This vulnerability allows an attacker to achieve arbitrary code execution or bypass network security restrictions. This occurs when a specially crafted file path, provided as a Uniform Resource Identifier URI in a D-Bus method call, causes PCManFM-Qt to open the fi...

gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

SUSE CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...