Lucene search
K

4908 matches found

CVE
CVE
added 2026/06/02 10:1 p.m.96 views

CVE-2026-42504

CVE-2026-42504 affects the WordDecoder.DecodeHeader function in the mime package, where decoding a malicious MIME header with many invalid encoded-words leads to quadratic time complexity and potential high CPU usage. Public descriptions identify the root cause as quadratic complexity in that dec...

7.5CVSS5.8AI score0.0056EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/02 9:39 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview std/mime is a Go standard library package std/mime Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

8.7CVSS5.4AI score0.0056EPSS
Exploits0References3
OSV
OSV
added 2026/06/02 9:39 p.m.21 views

GO-2026-5038 Quadratic complexity in WordDecoder.DecodeHeader in mime

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

7.5CVSS5.8AI score0.0056EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability. This vulnerability originated from improper practices in MHTML, and it could allow remote attackers to exploit users by executing specific UI gestures throu...

6.5CVSS5.4AI score0.0019EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from decoding maliciously constructed MIME headers containing numerous invalid encoding...

7.5CVSS5.3AI score0.0056EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.16 views

PT-2026-45874

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Decoding a maliciously-crafted MIME header containing many invalid encoded-words can lead to excessive CPU consumption. Recommendations At the moment, there is n...

9.1CVSS5.8AI score0.0056EPSS
Exploits2References199
Github Security Blog
Github Security Blog
added 2026/05/27 9:9 p.m.17 views

Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names

Description Symfony\Component\Mime\Header\ParameterizedHeader and the related parameter handling reachable from Symfony\Component\Mime\Header\Headers is responsible for serializing structured headers such as Content-Type and Content-Disposition, which carry key=value parameters e.g...

5.8AI score0.00056EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2026/05/27 9:9 p.m.9 views

GHSA-VQC8-7275-Q272 Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names

Description Symfony\Component\Mime\Header\ParameterizedHeader and the related parameter handling reachable from Symfony\Component\Mime\Header\Headers is responsible for serializing structured headers such as Content-Type and Content-Disposition, which carry key=value parameters e.g...

7.1CVSS5.8AI score0.00056EPSS
Exploits0References5
OSV
OSV
added 2026/05/27 8:42 p.m.7 views

GHSA-QPMX-3RFJ-7RHV Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...

7.1CVSS5.8AI score0.00062EPSS
Exploits0References6
NVD
NVD
added 2026/05/27 3:16 p.m.14 views

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

6.1CVSS0.00155EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 2:31 p.m.8 views

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 12:3 a.m.10 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output that allows bypassing of the contenttypedenylist in the denylistedcontenttype? function. An attacker can upload files with MIME types containing unescaped regex metacharacters, including the + in...

6.1CVSS5.7AI score0.00223EPSS
Exploits1References2
OSV
OSV
added 2026/05/27 12:3 a.m.13 views

GHSA-7G26-2QGJ-CHFG CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters

Summary CarrierWave's contenttypedenylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the content types it is intended to block. Note: CarrierWave is aware contenttypedenylist is deprecated for the security reason, but it still used by...

4.7CVSS5.9AI score0.00223EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/27 12:3 a.m.29 views

CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters

Summary CarrierWave's contenttypedenylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the content types it is intended to block. Note: CarrierWave is aware contenttypedenylist is deprecated for the security reason, but it still used by...

6.1CVSS5.9AI score0.00223EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-44030

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/26 8:13 p.m.13 views

CVE-2026-40597

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.28.1 and below, given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that, when accessed via th...

7.6CVSS5.8AI score0.00498EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/26 5:34 a.m.85 views

Exploit for CVE-2026-2942

CVE-2026-2942 ProSolution WP Client — Unauthenticated File U...

9.8CVSS5.8AI score0.00578EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2026/05/26 1:52 a.m.20 views

SUSE CVE-2026-48831

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap...

7.3CVSS5.8AI score0.00179EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/25 12:44 p.m.20 views

CVE-2026-48831

A flaw was found in Wine. Wine's desktop file registers itself to handle Windows executable EXE files. In some configurations, opening an EXE file can cause it to run automatically with the user's permissions, without further prompts. This allows an attacker to bypass security sandboxes like...

7.3CVSS6.2AI score0.00179EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-48831

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handli...

7.3CVSS5.9AI score0.00179EPSS
Exploits0References3
Rows per page
Query Builder