CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

53 matches found

RedhatCVE•added 2026/06/05 7:46 p.m.•6 views

CVE-2026-42501

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...

7.5CVSS5.6AI score0.00231EPSS

Exploits0References1

OSV•added 2026/05/27 11:53 a.m.•16 views

SUSE-SU-2026:2092-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

7.5CVSS6AI score0.00588EPSS

Exploits0References25

OSV•added 2026/05/17 8:17 p.m.•7 views

SUSE-SU-2026:21804-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...

7.5CVSS6AI score0.00588EPSS

Exploits0References25

Tenable Nessus•added 2026/05/16 12:0 a.m.•19 views

SUSE SLED15 / SLES15 Security Update : go1.25 (SUSE-SU-2026:1862-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1862-1 advisory. This update for go1.25 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling...

7.5CVSS5.9AI score0.00588EPSS

Exploits0References36

OSV•added 2026/05/14 10:33 p.m.•6 views

SUSE-SU-2026:1861-1 Security update for go1.26

7.5CVSS5.8AI score0.00588EPSS

Exploits0References25

OSV•added 2026/05/11 5:44 a.m.•7 views

BIT-GOLANG-2026-42501 Malicious module proxy can bypass checksum database in cmd/go

7.5CVSS5.8AI score0.00231EPSS

Exploits0References5

SUSE CVE•added 2026/05/09 2:42 a.m.•10 views

SUSE CVE-2026-42501

7.5CVSS5.8AI score0.00231EPSS

Exploits0References14

Tenable Nessus•added 2026/05/08 12:0 a.m.•11 views

Linux Distros Unpatched Vulnerability : CVE-2026-42501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affect...

7.5CVSS5.7AI score0.00231EPSS

Exploits0References3

EUVD•added 2026/05/07 9:30 p.m.•9 views

EUVD-2026-28433

5.8AI score0.00231EPSS

Exploits0References5

OSV•added 2026/05/07 8:16 p.m.•7 views

DEBIAN-CVE-2026-42501

7.5CVSS5.8AI score0.00231EPSS

Exploits0References1

NVD•added 2026/05/07 8:16 p.m.•15 views

CVE-2026-42501

7.5CVSS0.00231EPSS

Exploits0References4

OSV•added 2026/05/07 8:16 p.m.•3 views

UBUNTU-CVE-2026-42501

7.5CVSS5.8AI score0.00231EPSS

Exploits0References8

UbuntuCve•added 2026/05/07 8:16 p.m.•7 views

CVE-2026-42501

7.5CVSS5.8AI score0.00231EPSS

Exploits0References7

Vulnrichment•added 2026/05/07 7:41 p.m.•9 views

CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go

5.8AI score0.00231EPSS

Exploits0References4

ATTACKERKB•added 2026/05/07 7:41 p.m.•10 views

CVE-2026-42501

5.8AI score0.00231EPSS

Exploits0References5Affected Software1

CVE•added 2026/05/07 7:41 p.m.•28 views

CVE-2026-42501

CVE-2026-42501 affects the Go toolchain download path via untrusted module proxies (GOMODPROXY) or checksum databases (GOSUMDB). The flaw allows a malicious module proxy to bypass checksum database validation when the Go toolchain is downloaded/selected (via GOTOOLCHAIN, go.work, or go.mod toolch...

7.5CVSS5.8AI score0.00231EPSS

Exploits0References4Affected Software1

Debian CVE•added 2026/05/07 7:41 p.m.•8 views

CVE-2026-42501

7.5CVSS5.8AI score0.00231EPSS

Exploits0

AlpineLinux•added 2026/05/07 7:41 p.m.•10 views

CVE-2026-42501

7.5CVSS5.8AI score0.00231EPSS

Exploits0

Snyk•added 2026/05/07 7:21 p.m.•7 views

Resources Downloaded over Insecure Protocol

Overview Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol. Go Vulnerability Report: A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any...

7.5CVSS5.8AI score0.00231EPSS

Exploits0References3

OSV•added 2026/05/07 7:21 p.m.•8 views

GO-2026-4984 Malicious module proxy can bypass checksum database in cmd/go

7.5CVSS5.8AI score0.00231EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by