Lucene search
K

389 matches found

CNNVD
CNNVD
added 2026/02/24 12:0 a.m.10 views

Fiber 安全漏洞

Fiber is an open-source web framework written in Go language. Versions of Fiber prior to 3.1.0 have a security vulnerability. This vulnerability stems from the fiberflash cookie, which can trigger excessive memory allocation through unvalidated msgpack deserialization, potentially leading to...

7.5CVSS5.8AI score0.00396EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.9 views

PT-2026-21801

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 2.52.12 Fiber versions prior to 3.0.1 Description Fiber is an Express inspired web framework written in Go. A denial of service issue exists in Fiber that allows remote attackers to crash the application by sending...

9.9CVSS6.1AI score0.27661EPSS
Exploits45References124
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.13 views

PT-2026-21802

Name of the Vulnerable Software and Affected Versions Fiber versions 3.0.0 and earlier Fiber versions 3.0.0 through 3.0.0 Description A Path Traversal flaw exists in Fiber, potentially allowing a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file...

9.9CVSS5.6AI score0.27661EPSS
Exploits45References125
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.8 views

PT-2026-21803

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 3.1.0 Description The use of the fiber flash cookie can lead to an unbounded allocation on any server. A specially crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory through unvalidat...

9.9CVSS5.3AI score0.27661EPSS
Exploits45References124
OSV
OSV
added 2026/02/19 5:28 p.m.6 views

GO-2026-4471 Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() on crypto/rand failure in github.com/gofiber/fiber

Fiber has an insecure fallback in utils.UUIDv4 / utils.UUID — predictable / zero‑UUID on crypto/rand failure in github.com/gofiber/fiber...

9.4CVSS5.5AI score0.00471EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.11 views

CDATA FD614GS3-R850 安全漏洞

CDATA FD614GS3-R850 is a fiber optic network unit terminal device from the American company CDATA. The version CDATA FD614GS3-R850 V3.2.7P161006 contains a security vulnerability. This vulnerability stems from buffer overflows in the meshnodeconfig and domiainblkconfig modules, which may allow fo...

6.4CVSS6.1AI score0.00205EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/11 5:57 a.m.7 views

CVE-2025-66630

A flaw was found in the Fiber web framework github.com/gofiber/fiber/v2. On Go versions prior to 1.24, the framework's Universally Unique Identifier UUID generation functions do not return an error when the underlying cryptographic randomness source fails. This can cause applications to use...

9.4CVSS5.1AI score0.00471EPSS
Exploits0References6
Snyk
Snyk
added 2026/02/09 7:0 p.m.3 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG due to the UUIDv4 and UUID functions silently returning predictable values, such as the zero UUID, when the cryptographic random number generator fails. An attacker can...

9.8CVSS5.6AI score0.00471EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/09 7:0 p.m.3 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG due to the UUIDv4 and UUID functions silently returning predictable values, such as the zero UUID, when the cryptographic random number generator fails. An attacker can...

9.8CVSS5.6AI score0.00471EPSS
Exploits0References4
NVD
NVD
added 2026/02/09 6:16 p.m.10 views

CVE-2025-66630

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

9.4CVSS0.00471EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/09 6:4 p.m.4 views

CVE-2025-66630

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

9.2CVSS5.6AI score0.00471EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/02/09 6:4 p.m.28 views

CVE-2025-66630 Fiber insecurely fallsback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

9.2CVSS0.00471EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/09 6:4 p.m.6 views

CVE-2025-66630 Fiber insecurely fallsback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

9.2CVSS5.6AI score0.00471EPSS
Exploits0References3
OSV
OSV
added 2026/02/09 6:4 p.m.7 views

CVE-2025-66630 Fiber insecurely fallsback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

9.2CVSS5.6AI score0.00471EPSS
Exploits0References5
CVE
CVE
added 2026/02/09 6:4 p.m.10 views

CVE-2025-66630

Fiber is a Go web framework. Before 2.52.11 and on Go

9.4CVSS5.6AI score0.00471EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/09 3:28 p.m.5 views

GHSA-68RR-P4FP-J59V Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber v2 contains an internal vendored copy of gofiber/utils, and its functions UUIDv4 and UUID inherit the same critical weakness described in the upstream advisory. On Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtaine...

9.2CVSS5.8AI score0.00471EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/09 3:28 p.m.8 views

Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber v2 contains an internal vendored copy of gofiber/utils, and its functions UUIDv4 and UUID inherit the same critical weakness described in the upstream advisory. On Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtaine...

9.4CVSS5.8AI score0.00471EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.6 views

Fiber 安全特征问题漏洞

Fiber is Fiber open source an open source Web framework written in Go language . Fiber suffers from a security signature issue vulnerability. The vulnerability stems from an error not returned by the UUID function and can be exploited by an attacker to use predictable or low entropy identifiers i...

9.4CVSS6AI score0.00471EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.16 views

PT-2026-7122

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 2.52.11 Fiber versions prior to 2.52.11 running on Go versions prior to 1.24 Description The Fiber framework, an Express-inspired web framework written in Go, is susceptible to generating predictable identifiers when...

9.9CVSS5.5AI score0.27661EPSS
Exploits45References121
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.8 views

Tenda HG10 command injection vulnerability

The Tenda HG10 is a fiber-optic router produced by the Chinese company Tenda. The Tenda HG10 USHG7HG9HG10re300001138enxpon has a command injection vulnerability. This vulnerability stems from incorrect handling of parameters in the files /boaform/admin/formLogin, specifically the parameter Host,...

7.5CVSS7.1AI score0.02537EPSS
Exploits1References7
Rows per page
Query Builder