CWE-1289
22 CVEs classified under CWE-1289. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-39821 | Critical | 9.6 | 2026-05-22 | The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") i… |
CVE-2026-35039 | Critical | 9.1 | 2026-04-06 | fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly crea… |
CVE-2026-33496 | High | 8.1 | 2026-03-26 | ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior… |
CVE-2026-49942 | High | 7.3 | 2026-06-04 | Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arab… |
CVE-2026-41239 | Medium | 6.8 | 2026-04-23 | DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, `SAFE_FOR_TEMPLATES` s… |
CVE-2026-49940 | Medium | 6.5 | 2026-06-04 | Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) were accepted b… |
CVE-2026-45191 | Medium | 6.5 | 2026-05-10 | Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask f… |
CVE-2026-45190 | Medium | 6.5 | 2026-05-10 | Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a t… |
CVE-2024-45308 | Medium | 6.5 | 2024-09-02 | HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc 1 with MySQL or MariaDB, it is possible to create notes w… |
CVE-2026-41213 | Medium | 5.9 | 2026-04-23 | @node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid code_verifier values (inclu… |
CVE-2022-0675 | Medium | 5.6 | 2022-03-02 | In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This… |
CVE-2026-22569 | Medium | 5.4 | 2026-03-31 | An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under… |
CVE-2026-47674 | Medium | 5.3 | 2026-05-28 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the ip-restriction middleware (hono/ip-restriction) com… |
CVE-2024-8372 | Medium | 4.8 | 2024-09-09 | Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a… |
CVE-2026-1094 | Medium | 4.6 | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specia… |
CVE-2026-39972 | | | 2026-04-09 | Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulner… |
CVE-2026-34080 | | | 2026-04-07 | xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy che… |
CVE-2026-33729 | | | 2026-03-27 | OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, u… |
CVE-2026-33515 | | | 2026-03-26 | Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traff… |
CVE-2026-3563 | | | 2026-03-17 | Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to crea… |