Lucene search
K

13885 matches found

RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-48978

A flaw was found in oras-go. The auth.Client in oras-go does not properly validate the scheme or host of the realm URL provided in a registry's WWW-Authenticate: Bearer challenge. A remote attacker, operating a malicious registry or performing a man-in-the-middle attack, could exploit this to...

3.1CVSS6AI score
Exploits0References4
Nuclei
Nuclei
added yesterday25 views

WP Go Maps (formerly WP Google Maps) < 9.0.29 - Cross-Site Scripting

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS6.9AI score0.0104EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday44 views

WP Go Maps <= 9.0.29 - Cross-Site Scripting

WP Go Maps formerly WP Google Maps plugin for WordPress versions before 9.0.30 is vulnerable to Reflected Cross-Site Scripting via the 'mapid' parameter in the admin map edit page. id: CVE-2024-29931 info: name: WP Go Maps = 9.0.29 - Cross-Site Scripting author: Shivam Kamboj severity: medium...

7.1CVSS7AI score0.00753EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday69 views

IBAX - SQL Injection

IBAX go-ibax functionality is susceptible to SQL injection via the file /api/v2/open/rowsInfo. The manipulation of the argument tablename leads to SQL injection, and the attack may be launched remotely. An attacker can potentially obtain sensitive information, modify data, and/or execute...

8.8CVSS7AI score0.02241EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday24 views

SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting

SIS Informatik REWE GO SP17 before 7.7 contains a cross-site scripting vulnerability via rewe/prod/web/index.php affected parameters are config, version, win, db, pwd, and user and /rewe/prod/web/rewegocheck.php version and all other parameters. id: CVE-2021-31537 info: name: SIS Informatik REWE ...

6.1CVSS6.4AI score0.07781EPSS
Exploits3References5
NVD
NVD
added yesterday6 views

CVE-2026-15618

A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/toolexec.go of the component exec Safety Guard. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The...

7.5CVSS0.0024EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2 days ago6 views

crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...

7.5CVSS6.9AI score0.00939EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2 days ago7 views

Important: Red Hat Security Advisory: container-tools:rhel8 security update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5CVSS6.5AI score0.00813EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2 days ago5 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS6.9AI score0.00813EPSS
Exploits0References8
NVD
NVD
added 2 days ago7 views

CVE-2026-15542

A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection Authentication. The manipulation leads to improper authentication. The attack can be initiated remotely. The pull request to fix this iss...

7.5CVSS0.00403EPSS
Exploits0References7
CVE
CVE
added 2 days ago6 views

CVE-2026-15542

This CVE affects will-moss Isaiah up to version 1.36.9, specifically the Websocket Connection Authentication component (file app/main.go). The underlying issue is in an unknown function that leads to improper authentication, with the attack described as remote. A fix is not yet merged; the pull r...

7.5CVSS6.5AI score0.00403EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2 days ago4 views

os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

A flaw was found in the os.Root functionality of Go on Unix systems. This vulnerability allows an attacker to bypass intended directory restrictions by crafting a path that ends with a symbolic link and a trailing slash. When a file is opened in os.Root with such a path, the symbolic link is...

7.8CVSS6AI score0.00183EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2 days ago5 views

os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

A flaw was found in the os.Root functionality of Go on Unix systems. This vulnerability allows an attacker to bypass intended directory restrictions by crafting a path that ends with a symbolic link and a trailing slash. When a file is opened in os.Root with such a path, the symbolic link is...

7.8CVSS6AI score0.00183EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2 days ago14 views

os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

A flaw was found in the os.Root functionality of Go on Unix systems. This vulnerability allows an attacker to bypass intended directory restrictions by crafting a path that ends with a symbolic link and a trailing slash. When a file is opened in os.Root with such a path, the symbolic link is...

7.8CVSS6AI score0.00183EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2 days ago6 views

Important: Red Hat Security Advisory: buildah security update

An update for buildah is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.8CVSS6.1AI score0.00183EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2 days ago5 views

golang security, bug fix, and enhancement update

An update is available for golang. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...

9.6CVSS6.4AI score0.00478EPSS
Exploits0
Rockylinux
Rockylinux
added 2 days ago4 views

golang security, bug fix, and enhancement update

An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...

9.6CVSS6.4AI score0.00478EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 3 days ago5 views

openSUSE 16 Security Update : go-sendxmpp (openSUSE-SU-2026:21277-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21277-1 advisory. Changes in go-sendxmpp: - Update to 0.16.0: Added: Add Ox support to http-upload. Add Ox support for private group chats. Show error cause if...

9.8CVSS6.9AI score0.00478EPSS
Exploits0References6
OSV
OSV
added 4 days ago3 views

CVE-2026-56296 Cap-go - App Existence Oracle via Unauthenticated transfer_app RPC

Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transferapp RPC function that returns distinct error messages for existing versus non-existing app IDs. Unauthenticated attackers can enumerate valid app IDs by observing error message differences when calling...

6.9CVSS6.1AI score0.00239EPSS
Exploits0References4
CVE
CVE
added 4 days ago14 views

CVE-2026-56296

Cap-go before 12.128.2 has an information disclosure flaw in the public.transfer_app RPC that returns distinct error messages for existing versus non-existing app IDs. This enables unauthenticated attackers to enumerate valid app IDs by observing error message differences when calling transfer_ap...

6.9CVSS6.1AI score0.00239EPSS
Exploits0References2
Rows per page
Query Builder