Lucene search
+L

9876 matches found

cvelist
cvelist
added 2026/06/30 8:5 a.m.30 views

CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...

8.7CVSS0.00304EPSS
Exploits0References3
euvd
euvd
added 2026/06/30 8:5 a.m.7 views

EUVD-2026-40267

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/30 8:5 a.m.9 views

CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References4Affected Software1
susecve
susecve
added 2026/06/30 1:49 a.m.8 views

SUSE CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.2CVSS5.8AI score0.00312EPSS
Exploits0References3
nessus
nessus
added 2026/06/30 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-13676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP- family URLs. The IDN conversion path calls a helper that do...

7.5CVSS6.1AI score0.00312EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/29 5:24 p.m.11 views

CVE-2026-13676

A flaw was found in fast-uri. This vulnerability occurs because fast-uri fails to properly convert Unicode Internationalized Domain Name - IDN hostnames for HTTP-family URLs. This can lead to a situation where security policies, such as denylists or redirect validations, are bypassed when...

7.5CVSS5.7AI score0.00312EPSS
Exploits0References5
snyk
snyk
added 2026/06/29 2:23 p.m.10 views

Interpretation Conflict

Overview fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting TypeError into...

8.7CVSS5.8AI score0.00312EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 2:23 p.m.9 views

Interpretation Conflict

Overview org.webjars.npm:fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting...

8.7CVSS5.8AI score0.00312EPSS
Exploits0References2
osv
osv
added 2026/06/29 2:16 p.m.13 views

DEBIAN-CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00312EPSS
Exploits0References1
nvd
nvd
added 2026/06/29 2:16 p.m.11 views

CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS0.00312EPSS
Exploits0References10
osv
osv
added 2026/06/29 2:16 p.m.5 views

UBUNTU-CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00312EPSS
Exploits0References7
cvelist
cvelist
added 2026/06/29 1:22 p.m.43 views

CVE-2026-13676 fast-uri vulnerable to host confusion via failed IDN canonicalization

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS0.00312EPSS
Exploits0References2
osv
osv
added 2026/06/29 1:22 p.m.5 views

CVE-2026-13676 fast-uri vulnerable to host confusion via failed IDN canonicalization

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS6AI score0.00312EPSS
Exploits0References10
debiancve
debiancve
added 2026/06/29 1:22 p.m.7 views

CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00312EPSS
Exploits0
euvd
euvd
added 2026/06/29 1:22 p.m.7 views

EUVD-2026-40093

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00312EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/29 1:22 p.m.18 views

CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00312EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2026/06/29 1:22 p.m.14 views

CVE-2026-13676 fast-uri vulnerable to host confusion via failed IDN canonicalization

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00312EPSS
Exploits0References2
osv
osv
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-424 Mlflow: Command Injection when serving models with enable_mlserver=True

A command injection vulnerability exists in Mlflow when serving a model with enablemlserver=True. The modeluri is embedded directly into a shell command executed via bash -c without proper sanitization. If the modeluri contains shell metacharacters, such as $ or backticks, it allows for command...

9.6CVSS7.4AI score0.01328EPSS
Exploits2References7
attackerkb
attackerkb
added 2026/06/29 5:45 a.m.6 views

CVE-2026-13540

A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery. The attack i...

6.5CVSS6.2AI score0.00227EPSS
Exploits0References8
cvelist
cvelist
added 2026/06/29 5:45 a.m.35 views

CVE-2026-13540 GitBucket RepositoryCreationService.scala Git.cloneRepository.setURI server-side request forgery

A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery. The attack i...

6.5CVSS0.00227EPSS
Exploits0References8
Rows per page
Query Builder