Lucene search
K

312 matches found

RedHat Linux
RedHat Linux
added 6 days ago6 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS6.8AI score0.00292EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/04 1:38 a.m.4 views

Security Bulletin: Due to the use of Google Go, IBM Cloud Pak Sys is affected by an infinite loop when unmarshaling certain forms of invalid JSON

Summary Vulnerability in Go used by Cloud Pak System CVE-2024-24786. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which...

7.5CVSS6.7AI score0.01262EPSS
Exploits0Affected Software2
OSV
OSV
added 2026/07/01 9:35 p.m.5 views

GHSA-JXPM-75MH-9FP7 oras-go blob upload vulnerable to credential forwarding via unvalidated Location header

Summary oras-go follows a registry-controlled Location header during the monolithic blob upload flow and reuses the Authorization header from the initial POST request for the subsequent PUT request. If a malicious registry returns a cross-host Location, oras-go can send the caller's credentials t...

7.5CVSS5.8AI score
Exploits0References5
F5 Networks
F5 Networks
added 2026/06/30 8:58 p.m.6 views

K000161990: Go vulnerability CVE-2025-61723

Security Advisory Description The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. CVE-2025-61723 Impact An attacker may be able to cause an increase in resource utilization, which...

7.5CVSS7AI score0.00626EPSS
Exploits0Affected Software6
F5 Networks
F5 Networks
added 2026/06/30 3:45 p.m.6 views

K000161969: Go vulnerability CVE-2025-58189

Security Advisory Description When Conn.Handshake fails during Application-Layer Protocol Negotiation ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped. CVE-2025-58189 Impact An attacker may be able to inject controlled...

5.3CVSS6.5AI score0.00443EPSS
Exploits0Affected Software3
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5763 Sigstore Timestamp Authority has Improper Certificate Validation in verifier in github.com/sigstore/timestamp-authority

Sigstore Timestamp Authority has Improper Certificate Validation in verifier in github.com/sigstore/timestamp-authority...

5.5CVSS7.1AI score0.00099EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5667 CoreDNS has TSIG authentication bypass on gRPC and QUIC transports in github.com/coredns/coredns

CoreDNS has TSIG authentication bypass on gRPC and QUIC transports in github.com/coredns/coredns...

9.8CVSS5.8AI score0.0051EPSS
Exploits1References3
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5552 OliveTin has Unvalidated `ot_`-prefixed Arguments that Bypass Input Filtering in github.com/OliveTin/OliveTin

OliveTin has Unvalidated ot-prefixed Arguments that Bypass Input Filtering in github.com/OliveTin/OliveTin...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/25 6:43 p.m.5 views

GO-2026-5338 containerd: CRI checkpoint import allows local image tag poisoning in github.com/containerd/containerd

containerd: CRI checkpoint import allows local image tag poisoning in github.com/containerd/containerd...

9.9CVSS5.8AI score0.00354EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 6:26 p.m.3 views

GO-2026-5169 Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint in github.com/coder/coder

Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint in github.com/coder/coder...

6.5CVSS5.8AI score0.00335EPSS
Exploits0References9
OSV
OSV
added 2026/06/25 6:26 p.m.3 views

GO-2026-5089 FileBrowser Quantum: unauthenticated user share share info in github.com/gtsteffaniak/filebrowser

FileBrowser Quantum: unauthenticated user share share info in github.com/gtsteffaniak/filebrowser...

5.8AI score0.00052EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 6:13 p.m.9 views

Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2026-33186

Summary google.golang.org/grpc-v1.56.3 used by fabric-operations-console Vulnerability Details CVEID:CVE-2026-33186 DESCRIPTION: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path...

9.1CVSS5.9AI score0.01557EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/24 11:4 a.m.4 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS6.6AI score0.01557EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:4 p.m.4 views

CVE-2026-56221

Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values from API request bodies are interpolated directly into SQL query strings without sanitization or parameterization. Authenticated users with read-level API key permissions can injec...

7.1CVSS6AI score0.00276EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.32 views

CVE-2026-56316 Cap-go - Job Existence Oracle via Unauthenticated OPTIONS /build/upload/:jobId/*

Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/ endpoint that allows unauthenticated attackers to enumerate valid builder job IDs through observable response discrepancies. Attackers can probe the endpoint without authentication to...

6.9CVSS0.00241EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 3:24 p.m.33 views

CVE-2026-56307 Cap-go - Broken Cursor Pagination in /private/devices Endpoint

Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authenticated attackers to cause duplicate-page loops and make later rows unreachable. Attackers with app.readdevices access can exploit...

5.3CVSS0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-51036

Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An authentication bypass exists in the OTP One-Time Password verification process. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely indicate that...

9.4CVSS5.9AI score0.00188EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/06/17 7:31 a.m.6 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS5.3AI score0.00615EPSS
Exploits0References8
OSV
OSV
added 2026/06/15 3:34 p.m.5 views

SUSE-SU-2026:2400-1 Security update for kubevirt

This update for kubevirt fixes the following issues: Update to version 1.7.4, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. - CVE-2025-47913: golang.org/x/crypto/ssh/agent:...

9.9CVSS7.8AI score0.01557EPSS
Exploits3References15
RedHat Linux
RedHat Linux
added 2026/06/10 3:39 p.m.15 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.3AI score0.00459EPSS
Exploits2References8
Rows per page
Query Builder