Lucene search
K

141 matches found

RedHat Linux
RedHat Linux
added 5 days ago4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 5 days ago8 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.68 packages and security update

Red Hat OpenShift Container Platform release 4.14.68 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

10CVSS6.9AI score0.01945EPSS
Exploits4References7
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

RockyLinux 8 : container-tools:rhel8 (RLSA-2026:33722)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:33722 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial...

7.5CVSS6.9AI score0.00728EPSS
Exploits0References11
Rockylinux
Rockylinux
added 2026/06/26 12:3 p.m.6 views

runc security update

An update is available for runc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The runC tool is a lightweight, portable implementation of the Open Container...

7.5CVSS7.2AI score0.00728EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/25 6:40 a.m.3 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.9AI score0.00728EPSS
Exploits0References8
AlmaLinux
AlmaLinux
added 2026/06/25 12:0 a.m.7 views

Important: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/24 7:30 p.m.4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/18 5:24 p.m.19 views

Important: Red Hat Security Advisory: Satellite 6.16.9 Async Update

An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.1CVSS7.7AI score0.01557EPSS
Exploits3References11
RedHat Linux
RedHat Linux
added 2026/06/18 4:16 p.m.14 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.64 packages and security update

Red Hat OpenShift Container Platform release 4.16.64 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

7.5CVSS8.2AI score0.00728EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/11 1:58 p.m.21 views

Important: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS7.1AI score0.01945EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2026/06/11 1:56 p.m.10 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.7AI score0.00728EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.16 views

RHEL 9 : buildah (RHSA-2026:25252)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25252 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

10CVSS5.6AI score0.01945EPSS
Exploits3References12
Vulnrichment
Vulnrichment
added 2026/06/09 3:51 a.m.8 views

CVE-2026-41854 Spring Framework Server-Side Request Forgery via UriComponentsBuilder

Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery SSRF attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...

4.2CVSS5.5AI score0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.13 views

EUVD-2026-35343

Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery SSRF attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...

4.2CVSS5.5AI score0.00123EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/09 3:51 a.m.7 views

CVE-2026-41854

Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery SSRF attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...

6.5CVSS5.5AI score0.00123EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.8 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2026-2207)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a...

10CVSS7.9AI score0.01945EPSS
Exploits2References8
Snyk
Snyk
added 2026/06/08 12:0 a.m.20 views

Server-side Request Forgery (SSRF)

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via...

6.5CVSS5.5AI score0.00123EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 1:15 p.m.8 views

GHSA-86QP-5C8J-P5MR Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

Summary In affected versions, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header could make request.url.path differ from the pa...

6.5CVSS5.9AI score0.01438EPSS
Exploits2References9
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.13 views

RockyLinux 10 : opentelemetry-collector (RLSA-2026:19135)

The remote RockyLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:19135 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go:...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References17
RedHat Linux
RedHat Linux
added 2026/06/03 11:39 a.m.18 views

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References2
Rows per page
Query Builder