EUVD-2025-210216

In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Permissive List of Allowed Inputs

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Permissive List of Allowed Inputs via permissive substring matching in the Set-Cookie attribute parsing. An attacker can weaken cookie SameSite enforcement by crafting a...

Origin Validation Error

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to...

Origin Validation Error

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to unintended origins b...

Improper Certificate Validation

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Improper Certificate Validation in the ProxyAgent when configured with a SOCKS5 proxy URI, which causes the requestTls option to be silently dropped. An attacker can...

CVE-2026-47774

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...

GHSA-MX8G-39Q3-5C79 webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies

Impact When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...

Improper Input Validation

hono is vulnerable to Improper Input Validation. The vulnerability is due to trusting the client-supplied Content-Length header instead of validating the actual request body size, which allows an attacker to bypass configured body size limits by declaring a smaller content length while sending a...

CVE-2026-53869

CVE-2026-53869 : Hermes Agent prior to 0.16.0 has a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. The FastAPI HTTP middleware is not executed for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events, ena...

Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects

Summary The SafePlaywrightURLLoader implements a validateurl function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only on the initial URL. Since Playwright automatically follows HTTP redirects 301/302 by default, an attacker c...

CVE-2026-11525 undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching

Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example,...

CVE-2026-20246

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this...

CVE-2026-9697 undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

CVE-2026-53805 NVIDIA SIL GEN3C Unauthenticated RCE via Pickle Deserialization in Inference API

NVIDIA Spatial Intelligence Lab's SIL GEN3C contains an unauthenticated remote code execution vulnerability in the inference API server where the /request-inference and /seed-model endpoints deserialize raw HTTP request bodies using Python's pickle.loads without authentication or input validation...

CVE-2026-20178

The CVE-2026-20178 issue affects the browser-based Cisco Webex App. Root cause: improper input validation of URL parameters in an HTTP request, enabling an unauthenticated, remote attacker to persuade a user to click a crafted URL and be redirected to a malicious webpage. Impact is limited to use...

EUVD-2026-37759

A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability existed due to...

io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records

A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...

netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation

A flaw was found in Netty's DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS...

EUVD-2026-37750

A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration template engine of the...

io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records

A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...