Lucene search
K

69 matches found

Snyk
Snyk
added 2026/02/24 1:29 a.m.6 views

Integer Overflow or Wraparound

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

7.6CVSS6AI score0.00319EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/05 5:48 p.m.4 views

CVE-2025-58190 Infinite parsing loop in golang.org/x/net

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.5AI score0.00482EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/05 5:48 p.m.34 views

CVE-2025-58190 Infinite parsing loop in golang.org/x/net

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

0.00482EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/26 12:0 a.m.7 views

openSUSE 16 Security Update : sbctl (openSUSE-SU-2026:20105-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20105-1 advisory. Changes in sbctl: - Upgrade the embedded golang.org/x/net to 0.46.0 Fixes: bsc1251399, CVE-2025-47911: various algorithms with quadratic...

5.3CVSS7.9AI score0.00502EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2025/11/13 10:36 p.m.30 views

File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency

The standard library net/http package dependency used by File Browser improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. I can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a...

9.1CVSS7AI score0.00778EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 7:41 a.m.8 views

Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty V.25.0.0.2, flask-3.1.0-py3-none-any.whl form-data-2.5.1.tgz and golang.org/x/net which is vulnerable to multiple CVEs

Summary IBM Maximo Application Suite uses WebSphere Application Server Liberty V.25.0.0.2, flask-3.1.0-py3-none-any.whl form-data-2.5.1.tgz and golang.org/x/net which is vulnerable to CVE-2025-36097, CVE-2025-7783, CVE-2025-25193, CVE-2025-47278, CVE-2025-23184, CVE-2025-22872 and CVE-2024-56339...

9.4CVSS6.6AI score0.01941EPSS
Exploits1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-18625

Malicious code in bioql PyPI...

4.9CVSS6.4AI score0.00192EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/08/05 1:36 a.m.9 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/07/30 1:27 p.m.4 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/06/25 2:1 p.m.4 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
SUSE Linux
SUSE Linux
added 2025/06/18 2:12 a.m.21 views

Security update for golang-github-prometheus-prometheus

This update for golang-github-prometheus-prometheus fixes the following issues: Security issues fixed: CVE-2023-45288: Require Go = 1.23 for building bsc1236516 CVE-2025-22870: Bump golang.org/x/net to version 0.39.0 bsc1238686 Version was updated to 2.53.4 with the following bug fixes: Runtime:...

6.9CVSS7AI score0.91969EPSS
Exploits3References14
SUSE Linux
SUSE Linux
added 2025/06/18 2:11 a.m.5 views

Security update for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-prometheus-prometheus was updated to version 2.53.4: Security issues fixed: CVE-2023-45288: Require Go = 1.23 for building bsc1236516 CVE-2025-22870: Bumped golang.org/x/net to version 0.39.0 bsc1238686 Other bugs fixes from version 2.53.4:...

9.9CVSS7.4AI score0.97809EPSS
Exploits19References52
RedHat Linux
RedHat Linux
added 2025/06/16 1:40 a.m.12 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/06/12 1:57 p.m.3 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
Snyk
Snyk
added 2025/06/11 4:23 p.m.5 views

Insertion of Sensitive Information Into Sent Data

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data. Go Vulnerability Report: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially...

8.9CVSS6.7AI score0.0056EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2025/04/29 7:0 a.m.5 views

Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

...

6.5CVSS7.5AI score0.00478EPSS
Exploits0
GitLab Advisory Database
GitLab Advisory Database
added 2025/04/21 12:0 a.m.14 views

Infinite loop condition in Amazon.IonDotnet

Amazon.IonDotnet ion-dotnet is a .NET library with an implementation of the Ion data serialization format. An issue exists in Amazon.IonDotnet and the RawBinaryReader class where, under certain conditions, an actor could trigger an infinite loop condition...

8.7CVSS6.8AI score0.00545EPSS
Exploits0References7
OSV
OSV
added 2025/04/16 3:16 p.m.4 views

DEBIAN-CVE-2025-22101

In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix Tx L4 checksum The hardware only supports L4 checksum offload for TCP/UDP/SCTP protocol. There was a bug to set Tx checksum flag for the other protocol that results in Tx ring hang. Fix to compute software checksu...

5.5CVSS5.4AI score0.00173EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 3:16 p.m.8 views

UBUNTU-CVE-2025-22101

In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix Tx L4 checksum The hardware only supports L4 checksum offload for TCP/UDP/SCTP protocol. There was a bug to set Tx checksum flag for the other protocol that results in Tx ring hang. Fix to compute software checksu...

5.5CVSS5.9AI score0.00173EPSS
Exploits0References24
RedHat Linux
RedHat Linux
added 2024/07/31 10:20 a.m.6 views

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service DoS attack...

7.5CVSS7.2AI score0.91969EPSS
Exploits1References7
Rows per page
Query Builder