Lucene search
K

387 matches found

Cvelist
Cvelist
added 2026/05/05 12:40 p.m.44 views

CVE-2026-30246 github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...

6.5CVSS0.00251EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

Altice Labs GR140DG和Altice Labs GR140IG 安全漏洞

Both Altice Labs GR140DG and Altice Labs GR140IG are fiber-optic access gateway devices from the Portuguese company Altice Labs. Both devices have security vulnerabilities. The vulnerability stems from the traceroute diagnostic handler in /bin/httpdclientside, which allows uncleaned user input to...

8.8CVSS6.1AI score0.01275EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

Fiber 安全漏洞

Fiber is an open-source web framework written in Go. Versions of Fiber 3.1.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the default key generator used in the caching middleware, which only uses the request path without including the query string. As a result,...

6.5CVSS5.8AI score0.00251EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

Altice Labs GR140DG和Altice Labs GR140IG 安全漏洞

Altice Labs GR140DG and Altice Labs GR140IG are fiber-optic access gateway devices from the Portuguese company Altice Labs. Both devices have security vulnerabilities. The vulnerability stems from the ping diagnostic handler in /bin/httpdclientside, which inserts uncleaned user inputs into the...

8.8CVSS6.1AI score0.01275EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/05 12:0 a.m.60 views

CVE-2026-31196

OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers ...

0.01275EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37270

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 2.52.12 Fiber versions prior to 3.1.0 Description A Cross-Site Scripting issue exists in the Go Fiber web framework. A remote attacker can inject arbitrary HTML or JavaScript by providing an Accept: text/html header in ...

5.3CVSS6.1AI score0.00212EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/28 10:28 p.m.14 views

Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters

Summary Fiber cache middleware's default key generator uses only c.Path and does not include the query string. As a result, requests like /?id=1 and /?id=2 can map to the same cache key and share the same cached response. This can cause response mix-up cache poisoning-like behavior for endpoints...

6.5CVSS5.3AI score0.00251EPSS
Exploits1References7Affected Software1
Snyk
Snyk
added 2026/04/28 10:28 p.m.13 views

Use of Cache Containing Sensitive Information

Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...

6.9CVSS5.8AI score0.00251EPSS
Exploits1References2
OSV
OSV
added 2026/04/28 10:28 p.m.6 views

GHSA-35HP-HQMV-8QG8 Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters

Summary Fiber cache middleware's default key generator uses only c.Path and does not include the query string. As a result, requests like /?id=1 and /?id=2 can map to the same cache key and share the same cached response. This can cause response mix-up cache poisoning-like behavior for endpoints...

6.5CVSS5.8AI score0.00251EPSS
Exploits1References7
Snyk
Snyk
added 2026/04/28 10:28 p.m.7 views

Use of Cache Containing Sensitive Information

Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...

6.9CVSS5.8AI score0.00251EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.11 views

PT-2026-37036

Name of the Vulnerable Software and Affected Versions github.com/gofiber/fiber/v3 versions prior to 3.1.0 Description The default key generator in the cache middleware uses only the request path via the c.Path function and excludes the query string. Consequently, requests targeting the same path...

6.5CVSS5.8AI score0.00251EPSS
Exploits1References10
Circl
Circl
added 2026/04/25 1:8 p.m.10 views

CVE-2026-42554

creationtimestamp| type| source ---|---|--- 2026-04-25 13:08:32+00:00| published-proof-of-concept| https://github.com/gofiber/fiber/security/advisories/GHSA-qjv7-627w-8qjv...

6.1CVSS5.8AI score0.00212EPSS
Exploits1References1
OSV
OSV
added 2026/04/21 12:5 a.m.7 views

OSV-2026-603 UNKNOWN READ in <wasmtime::runtime::func::Func>::call_unchecked_raw::<

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504268343 Crash type: UNKNOWN READ Crash state: ::calluncheckedraw::::callimpldocall:: wasmtimeinternalfiber::stackswitch::x8664::wasmtimefiberstart...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/04/16 9:17 p.m.3 views

MINI-V3V3-GFRP-HW94

Bulletin has no description...

5.3CVSS5.7AI score0.00199EPSS
Exploits0
EUVD
EUVD
added 2026/04/16 3:31 a.m.10 views

EUVD-2026-23145

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

9.8CVSS6.6AI score0.0064EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/16 1:10 a.m.2 views

CVE-2026-40504

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

9.8CVSS6.6AI score0.0064EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/04/08 12:0 a.m.6 views

Hiding an Ear in Plain Sight: On the Practicality and Implications of Acoustic Eavesdropping with Telecom Fiber Optic Cable

Optical fibers are widely regarded as reliable communication channels due to their resistance to external interference and low signal loss. This paper demonstrates a critical side channel within telecommunication optical fiber that allows for acoustic eavesdropping. By exploiting the sensitivity ...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/28 12:0 a.m.12 views

Quantum Bit Error Rate Analysis in BB84 Quantum Key Distribution: Measurement, Statistical Estimation, and Eavesdropping Detection

Quantum Key Distribution QKD provides information-theoretic security by exploiting the principles of quantum mechanics. Among QKD protocols, the BB84 scheme remains the most widely adopted for both theoretical research and practical implementation. A critical parameter determining the reliability...

6AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/20 9:35 p.m.2 views

CVE-2026-32887

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

7.4CVSS5.8AI score0.0027EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/20 8:34 p.m.4 views

Effect `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC

Versions - effect: 3.19.15 - @effect/rpc: 0.72.1 - @effect/platform: 0.94.2 - Node.js: v22.20.0 - Vercel runtime with Fluid compute - Next.js: 16 App Router - @clerk/nextjs: 6.x Root cause Effect's MixedScheduler batches fiber continuations and drains them inside a single microtask or timer...

7.4CVSS6.1AI score0.0027EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder