EEF-CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix

Summary Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type:...

Security Bulletin: Go-getter may allow to arbitrary filesystem reads through git operations

Summary HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and...

WordPress Trending/Popular Post Slider and Widget plugin <= 1.8.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Trending/Popular Post Slider and Widget versions = 1.8.6...

GHSA-92MM-2PJQ-R785 HashiCorp's go-getter library may allow arbitrary file reads

HashiCorp's go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

HashiCorp's go-getter library may allow arbitrary file reads

HashiCorp's go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

Arbitrary Argument Injection

Overview github.com/hashicorp/go-getter is a Package for downloading things from a string URL using a variety of protocols. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the GitGetter function that lacks validation for git options when attempting to check th...

EUVD-2026-20894

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

CVE-2026-4660

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

CVE-2026-4660

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

CVE-2026-4660

CVE-2026-4660 affects HashiCorp go-getter up to v1.8.5, where a crafted URL during certain git operations can cause arbitrary filesystem reads. The issue is fixed in go-getter v1.8.6; the v2 branch/package is unaffected. If you use go-getter, upgrade to v1.8.6 or later. The provided sources do no...

CVE-2026-4660 Go-getter may allow to arbitrary filesystem reads through git operations

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

PT-2026-31612

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

Linux Distros Unpatched Vulnerability : CVE-2026-4660

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp's go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. Th...

CLEANSTART-2026-KJ02127 Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 1.8.6-r0, 1.8.6-r1

Multiple security vulnerabilities affect the karpenter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2025-62099

Missing Authorization vulnerability in approveme Signature Add-On for Gravity Forms gravity-signature-forms-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Forms: from n/a through = 1.8.6...

CVE-2025-62099

Missing Authorization vulnerability in approveme Signature Add-On for Gravity Forms gravity-signature-forms-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Forms: from n/a through = 1.8.6...

EUVD-2025-206003

Missing Authorization vulnerability in Approveme Signature Add-On for Gravity Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Forms: from n/a through 1.8.6...

CVE-2025-62099 WordPress Signature Add-On for Gravity Forms plugin <= 1.8.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in approveme Signature Add-On for Gravity Forms gravity-signature-forms-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Forms: from n/a through = 1.8.6...

CVE-2025-62099 WordPress Signature Add-On for Gravity Forms plugin <= 1.8.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Approveme Signature Add-On for Gravity Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Forms: from n/a through 1.8.6...

CVE-2025-62099

Technical details for CVE-2025-62099 are not provided in the supplied documents. The initial description notes a Missing Authorization issue in the Gravity Forms Signature Add-On (gravity-signature-forms-add-on) up to v1.8.6, but no exploits, vectors, or fixes are disclosed here.