19 matches found
EUVD-2026-21218
A 1-byte stack buffer over-read was identified in the MatchDomainName function src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...
CVE-2026-5772
A 1-byte stack buffer over-read was identified in the MatchDomainName function src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...
CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation
A 1-byte stack buffer over-read was identified in the MatchDomainName function src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...
CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation
A 1-byte stack buffer over-read was identified in the MatchDomainName function src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...
CVE-2026-5772
A 1-byte stack buffer over-read was identified in the MatchDomainName function src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...
Exploit for Improper Neutralization of Wildcards or Matching Symbols in Laravel Framework
CVE-2025-27515 Proof of Concept A practical demonstration of...
EUVD-2025-6153
Malicious code in bioql PyPI...
BIT-LARAVEL-2025-27515 Laravel has a File Validation Bypass
Laravel is a web application framework. When using wildcard validation to validate a given file or image field files., a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1...
Improper Neutralization
laravel/framework is vulnerable to Improper Neutralization. The vulnerability is due to improper validation enforcement due to the incorrect handling of wildcard validation files., allowing user-crafted malicious requests to bypass file or image validation rules...
Improper Neutralization
Overview laravel/framework is a PHP framework for web artisans. Affected versions of this package are vulnerable to Improper Neutralization in Validator.php via wildcard validation for file or image fields, such as files.. This allows a user to bypass validation rules. Remediation Upgrade...
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization in Validator.php via wildcard validation for file or image fields, such as files.. This allows a user to bypass validation rules. Remediation Upgrade macropay-solutions/laravel-crud-wizard-free to version 3.4.17 ...
CVE-2025-27515
Laravel is a web application framework. When using wildcard validation to validate a given file or image field files., a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1...
DEBIAN-CVE-2025-27515
Laravel is a web application framework. When using wildcard validation to validate a given file or image field files., a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1...
GHSA-78FX-H6XR-VCH4 Laravel has a File Validation Bypass
When using wildcard validation to validate a given file or image field array files., a user-crafted malicious request could potentially bypass the validation rules...
CVE-2025-27515
CVE-2025-27515 affects Laravel: wildcard file/image validation (files.*) can bypass rules during upload. Root cause is improper handling of array-based uploads, enabling a user-controlled bypass. Fixed in Laravel releases 11.44.1 and 12.1.1. A PoC exploiting a wildcard validation bypass exists in...
CVE-2025-27515 Laravel has a File Validation Bypass
Laravel is a web application framework. When using wildcard validation to validate a given file or image field files., a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1...
PT-2025-9848
Name of the Vulnerable Software and Affected Versions Laravel versions prior to 11.44.1 Laravel versions prior to 12.1.1 Description Laravel is a web application framework. When using wildcard validation to validate a given file or image field files., a user-crafted malicious request could...
bouncycastle: potential blind LDAP injection attack using a self-signed certificate
A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain...
OESA-2023-1391 bouncycastle security update
A Java implementation of cryptographic algorithms. Security Fixes: A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to...