Lucene search
K

13757 matches found

OSV
OSV
added 2026/06/26 2:5 p.m.2 views

SUSE-SU-2026:2665-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264. - CVE-2026-39821: Update golang.org/x/net/idna dependency bsc1266603. - CVE-2026-39827: Update...

10CVSS7.3AI score0.01557EPSS
Exploits1References26
Cvelist
Cvelist
added 2026/06/26 1:47 p.m.37 views

CVE-2026-13426 Client4 fails to validate path parameters

The Mattermost Go module github.com/mattermost/mattermost/server/public versions v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost...

5.4CVSS0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 12:5 p.m.3 views

RLSA-2026:29980 Moderate: golang security, bug fix, and enhancement update

The golang packages provide the Go programming language compiler. Security Fixes: net/textproto: golang: Golang net/textproto: Misleading error messages via input injection CVE-2026-42507 Bug Fixes and Enhancements: Update Go to version 1.26.4+1 rhel-10.2.z JIRA:Rocky Linux-183347 For more detail...

5.3CVSS5.8AI score0.0037EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 12:3 p.m.5 views

RLSA-2026:29981 Moderate: golang security, bug fix, and enhancement update

The golang packages provide the Go programming language compiler. Security Fixes: net/textproto: golang: Golang net/textproto: Misleading error messages via input injection CVE-2026-42507 Bug Fixes and Enhancements: Update Go to version 1.26.4+1 rhel-9.8.z JIRA:Rocky Linux-183350 For more details...

5.3CVSS5.8AI score0.0037EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/26 12:3 p.m.5 views

golang security, bug fix, and enhancement update

An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...

7.5CVSS5.8AI score0.00904EPSS
Exploits0
OSV
OSV
added 2026/06/26 9:25 a.m.2 views

OPENSUSE-SU-2026:21072-1 Security update for trivy

This update for trivy fixes the following issues Update to version 0.71.2: - CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via infinite loops, panics or resource consumption bsc1267268. - CVE-2026-46680:...

9.9CVSS5.8AI score0.00412EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.14 views

RockyLinux 10 : buildah (RLSA-2026:29195)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:29195 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

SUSE SLES15 Security Update : containerized-data-importer (SUSE-SU-2026:2493-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2493-1 advisory. - Security: re-vendor Go dependencies to address CVEs tracked against containerized-data-importer backport of upstream PR 4110,...

9.1CVSS6.6AI score0.91969EPSS
Exploits7References32
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5763 Sigstore Timestamp Authority has Improper Certificate Validation in verifier in github.com/sigstore/timestamp-authority

Sigstore Timestamp Authority has Improper Certificate Validation in verifier in github.com/sigstore/timestamp-authority...

5.5CVSS7.1AI score0.00099EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5746 Docker: `PUT /containers/{id}/archive` executes container binary on the host in github.com/docker/docker

Docker: PUT /containers/id/archive executes container binary on the host in github.com/docker/docker...

7.5CVSS5.9AI score0.00153EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5694 Cosign's verify-blob-attestation reports false positive when payload parsing fails in github.com/sigstore/cosign

Cosign's verify-blob-attestation reports false positive when payload parsing fails in github.com/sigstore/cosign...

5.3CVSS5.8AI score0.00241EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5667 CoreDNS has TSIG authentication bypass on gRPC and QUIC transports in github.com/coredns/coredns

CoreDNS has TSIG authentication bypass on gRPC and QUIC transports in github.com/coredns/coredns...

9.8CVSS5.8AI score0.0051EPSS
Exploits1References3
OSV
OSV
added 2026/06/25 10:34 p.m.3 views

GO-2026-5708 Grafana: Users can generate Service Account tokens after permissions removal in github.com/grafana/grafana

Grafana: Users can generate Service Account tokens after permissions removal in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

8.1CVSS5.9AI score0.00245EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 10:34 p.m.8 views

GO-2026-5547 in-toto-golang and in-toto-python have inconsistent negation behavior in github.com/in-toto/in-toto-golang

in-toto-golang and in-toto-python have inconsistent negation behavior in github.com/in-toto/in-toto-golang...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5515 Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery in github.com/dhax/go-base

Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery in github.com/dhax/go-base...

5.8AI score0.00055EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 10:34 p.m.6 views

GO-2026-5568 Podman: WORKDIR symlink traversal vulnerability in github.com/containers/podman

Podman: WORKDIR symlink traversal vulnerability in github.com/containers/podman...

5.3CVSS5.8AI score0.00317EPSS
Exploits1References3
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5616 S3-Proxy has Security Issues in its Resource Path Matching Implementation in github.com/oxyno-zeta/s3-proxy

S3-Proxy has Security Issues in its Resource Path Matching Implementation in github.com/oxyno-zeta/s3-proxy...

9.4CVSS5.8AI score0.00554EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5552 OliveTin has Unvalidated `ot_`-prefixed Arguments that Bypass Input Filtering in github.com/OliveTin/OliveTin

OliveTin has Unvalidated ot-prefixed Arguments that Bypass Input Filtering in github.com/OliveTin/OliveTin...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5462 Argo Vulnerable to Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor in github.com/argoproj/argo-workflows

Argo Vulnerable to Unauthenticated Memory Exhaustion DoS in Webhook Interceptor in github.com/argoproj/argo-workflows...

8.2CVSS5.8AI score0.00607EPSS
Exploits1References5
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5457 Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS in github.com/basekick-labs/arc

Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS in github.com/basekick-labs/arc...

5.8AI score0.0009EPSS
Exploits0References3
Rows per page
Query Builder