Browse and filter security vulnerabilities across ecosystems
Aqara OAuth redirect_uri validation bypass
Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring
Net::CIDR::Set versions through 0.20 for Perl did not validate network masks
Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks
Hono: IP Restriction bypasses static deny rules for non-canonical IPv6
Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass
Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass
@node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes
DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode
Mercure has a Topic Selector Cache Key Collision
xdg-dbus-proxy has an eavesdrop filter bypass allowing message interception
fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)
Incorrect startup configuration in ZCC
OpenFGA has an Authorization Bypass through cached keys
Ory Oathkeeper has an authentication bypass by cache key confusion
Squid has issues in ICP message handling
Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026
Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions
Improper Validation of Unsafe Equivalence in Input in GitLab
idna accepts Punycode labels that do not produce any non-ASCII when decoded