Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string

Summary dasel's selector lexer panics with an index-out-of-range error when tokenizing a quoted string that ends with a trailing backslash e.g., "\ or '. A 2-byte input causes an immediate process crash via Go runtime panic. I confirmed the issue on v3.3.1 fba653c7f248aff10f2b89fca93929b64707dfc8...

Dalfox has an Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode)

Summary ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes closeresults at line 438, but the second stage — which processes POST-body parameters dp — ...

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

SUSE CVE-2026-28789

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin's OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

UBUNTU-CVE-2026-27142

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

OliveTin 安全漏洞

OliveTin is an open-source web application developed by OliveTin. Versions of OliveTin prior to 300.10.3 contained security vulnerabilities. These vulnerabilities stemmed from the concurrent access to shared mappings during the OAuth2 login process, which could lead to a crash of the Go runtime a...

SUSE CVE-2026-26201

emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger fatal error: concurrent map read and map write, causing C2 process cra...

EUVD-2026-8864

Improper Validation of Array Index CWE-129 in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requir...

CVE-2026-26932

Improper Validation of Array Index CWE-129 in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requir...

CVE-2026-26932

Packetbeat is affected by CVE-2026-26932 due to improper validation of an array index in the PostgreSQL protocol parser. The issue can cause a Go runtime panic, terminating the Packetbeat process and resulting in a Denial of Service. Attack requires the pgsql protocol to be explicitly enabled and...

CVE-2026-26932 Improper Validation of Array Index in Packetbeat Leading to Denial of Service

Improper Validation of Array Index CWE-129 in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requir...

CVE-2026-26932

Improper Validation of Array Index CWE-129 in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requir...

CVE-2026-26201

emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger fatal error: concurrent map read and map write, causing C2 process cra...

emp3r0r Affected by Concurrent Map Access DoS (panic/crash)

Summary Multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger fatal error: concurrent map read and map write, causing C2 process crash availability loss. Vulnerable Componentwith code examples Operator relay map h...

GHSA-F5P9-J34Q-PWCC emp3r0r Affected by Concurrent Map Access DoS (panic/crash)

Summary Multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger fatal error: concurrent map read and map write, causing C2 process crash availability loss. Vulnerable Componentwith code examples Operator relay map h...

PT-2026-20338

Name of the Vulnerable Software and Affected Versions emp3r0r versions prior to 3.21.2 Description The software accesses multiple shared maps without consistent synchronization across goroutines. Concurrent activity can trigger a fatal error: concurrent map read and map write, leading to a C2...

GO-2026-4279 flagd: Multiple Go Runtime CVEs Impact Security and Availability in github.com/open-feature/flagd/core

flagd: Multiple Go Runtime CVEs Impact Security and Availability in github.com/open-feature/flagd/core...

EUVD-2026-0859

flagd: Multiple Go Runtime CVEs Impact Security and Availability...

CVE-2025-65562

The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests. An unauthenticated remote attacker can send a request with a very large SEID e.g., 0xFFFFFFFFFFFFFFFF that causes an integer conversion/underflow in LocalNode.DeleteSess /...

CVE-2025-65562

The CVE-2025-65562 issue affects the free5GC UPF component, where a lack of bounds checking on the SEID during PFCP Session Deletion requests can trigger a Go runtime panic and denial of service. Specifically, processing a very large SEID (for example, 0xFFFFFFFFFFFFFFFF) can cause an integer con...