22 matches found
OPENSUSE-SU-2026:20888-1 Security update for apptainer
This update for apptainer fixes the following issues: Changes in apptainer: - CVE-2026-39821: Update golang.org/x/net to 0.55.0. bsc1266656 - Add improved handling of suid-starter: Add system group apptainer Make sure, only users belonging to this group are able to run the application. Document...
OPENSUSE-SU-2026:20853-1 Security update for hauler
This update for hauler fixes the following issues: Changes in hauler: - update x/net to v0.55.0 bsc1266602, CVE-2026-39821...
Inefficient Algorithmic Complexity
Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in parse.go, when checking attributes iteratively. An attacker can cause excessive CPU consumption by providi...
Inefficient Algorithmic Complexity
Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in parse.go, when checking attributes iteratively. An attacker can cause excessive CPU consumption by...
CVE-2026-24853
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This...
CVE-2026-24853
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This...
CVE-2026-24853 Caido has an insufficient patch for DNS rebind leading to RCE
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This...
CVE-2026-24853 Caido has an insufficient patch for DNS rebind leading to RCE
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This...
CVE-2026-24853 Caido has an insufficient patch for DNS rebind leading to RCE
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This...
PT-2026-8042
Name of the Vulnerable Software and Affected Versions Caido versions prior to 0.55.0 Description Caido is a web security auditing toolkit. Before version 0.55.0, the software blocked connections from non-whitelisted domains attempting to reach the 8080 port, displaying a message indicating the...
AZL-68778 CVE-2025-59530 affecting package coredns for versions less than 1.11.4-11
quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authenticatio...
CVE-2025-59530 quic-go has Client Crash Due to Premature HANDSHAKE_DONE Frame
quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authenticatio...
Navidrome SQL注入漏洞
Navidrome is Navidrome Open Source a web-based open source music collection server and streamer. Used to freely listen to music collections from any browser or mobile device. An SQL injection vulnerability exists in Navidrome versions 0.55.0 through 0.55.2, which stems from insufficient validatio...
Cross site scripting
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the redirecturi parameter. By specifying a url with the javascript scheme javascript:, an attacker can run arbitrary JavaScript...
CVE-2023-47620 Scrypted reflected Cross-site Scripting vulnerability
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the owner' and 'pkg parameters. An attacker can run arbitrary JavaScript code...
CVE-2023-47623 Scrypted reflected Cross-site Scripting vulnerability
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the redirecturi parameter. By specifying a url with the javascript scheme javascript:, an attacker can run arbitrary JavaScript...
Scrypted Cross-Site Scripting Vulnerability
Scrypted is a high-performance home video integration platform with intelligent detection by the individual developer Koushik Dutta. A cross-site scripting vulnerability exists in Scrypted 0.55.0 and earlier versions, which stems from the presence of a reflective cross-site scripting vulnerabilit...
Scrypted Cross-Site Scripting Vulnerability
Scrypted is a high-performance home video integration platform with intelligent detection by the individual developer Koushik Dutta. A cross-site scripting vulnerability exists in Scrypted 0.55.0 and earlier versions, which stems from the presence of a reflective cross-site scripting vulnerabilit...
Poppler pdfunite Denial of Service Vulnerability
Poppler is a C++ class library for generating PDF, the library is inherited from Xpdf PDF reader. pdfunite is a Ruby wrapper. Poppler 0.55.0 and previous versions of pdfunit has a security vulnerability. An attacker can exploit this vulnerability to cause a denial of service...
Design/Logic Flaw
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service...