Lucene search

15098 matches found

UbuntuCve
added 2026/05/07 8:16 p.m., 8 views

CVE-2026-39825

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

CVSS 5.3, AI score 5.8, EPSS 0.0039
Exploits 0, References 7

OSV
added 2026/05/07 8:16 p.m., 4 views

UBUNTU-CVE-2026-39825

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

CVSS 5.3, AI score 5.8, EPSS 0.0039
Exploits 0, References 8

AlpineLinux
added 2026/05/07 7:41 p.m., 6 views

CVE-2026-39825

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

CVSS 5.3, AI score 5.8, EPSS 0.0039
Exploits 0

Cvelist
added 2026/05/07 7:41 p.m., 40 views

CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

EPSS 0.0039
Exploits 0, References 4

Vulnrichment
added 2026/05/07 7:41 p.m., 9 views

CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

AI score 5.8, EPSS 0.0039
Exploits 0, References 4

CVE
added 2026/05/07 7:41 p.m., 38 views

CVE-2026-39825

CVE-2026-39825 concerns Go’s ReverseProxy (net/http/httputil). The issue: ReverseProxy forwards query parameters that are not visible to Rewrite/Director functions parsing parameters via url.ParseQuery. It does not respect ParseQuery’s limit on total query parameters (controlled by GODEBUG=urlmax...

CVSS 5.3, AI score 5.8, EPSS 0.0039
Exploits 0, References 4, Affected Software 1

Debian CVE
added 2026/05/07 7:41 p.m., 6 views

CVE-2026-39825

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

CVSS 5.3, AI score 5.8, EPSS 0.0039
Exploits 0

OSV
added 2026/05/07 7:21 p.m., 17 views

GO-2026-4976 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

CVSS 5.3, AI score 5.8, EPSS 0.0039
Exploits 0, References 3

Snyk
added 2026/05/07 7:21 p.m., 9 views

Information Exposure

Overview: std/net/http/httputil is a Go standard library package. Affected versions of this package are vulnerable to Information Exposure. Go Vulnerability Report: ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrit...

CVSS 6.9, AI score 5.8, EPSS 0.0039
Exploits 0, References 3

Debian
added 2026/05/07 6:56 p.m., 10 views

[SECURITY] [DSA 6251-1] libreoffice security update

Debian Security Advisory DSA-6251-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 07, 2026 https://www.debian.org/security/faq -...

CVSS 7.8, AI score 6, EPSS 0.00078
Exploits 0

EUVD
added 2026/05/07 6:30 p.m., 10 views

EUVD-2025-209730

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

AI score 5.8, EPSS 0.00476
Exploits 0, References 4

Github Security Blog
added 2026/05/07 6:30 p.m., 12 views

query-parser-string is vulnerable to Prototype Pollution

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

CVSS 9.8, AI score 5.8, EPSS 0.00476
Exploits 0, References 5, Affected Software 1

RedHat Linux
added 2026/05/07 6:15 p.m., 11 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVSS 7.5, AI score 6.9, EPSS 0.01945
Exploits 0, References 8

NVD
added 2026/05/07 4:16 p.m., 17 views

CVE-2025-63704

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

CVSS 9.8, EPSS 0.00476
Exploits 0, References 3

Tenable Nessus
added 2026/05/07 12:0 a.m., 7 views

Unity Linux 20.1070a Security Update: osbuild-composer (UTSA-2026-016497)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016497 advisory. The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the...

CVSS 7.5, AI score 7.3, EPSS 0.01945
Exploits 0, References 4

CVE
added 2026/05/07 12:0 a.m., 17 views

CVE-2025-63704

CVE-2025-63704 affects the NPM package query-parser-string 1.0.0 and is caused by improper sanitization of user-supplied query parameters, leading to prototype pollution (merging inputs into a newly created object). The CVSS v3.1 base score reported is 9.8 (CRITICAL) with network attack vector, n...

CVSS 9.8, AI score 5.8, EPSS 0.00476
Exploits 0, References 3

CNNVD
added 2026/05/07 12:0 a.m., 7 views

Query String Parser security vulnerability

Query String Parser is a JavaScript tool for parsing query strings developed by Victor Teo. Version 1.0.0 of Query String Parser has a security vulnerability. This vulnerability arises from improper cleaning of query parameters provided by users and their merging into newly created objects, which...

CVSS 9.8, AI score 5.8, EPSS 0.00476
Exploits 0, References 2

CNNVD
added 2026/05/07 12:0 a.m., 8 views

Google Go security vulnerability

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from not considering ParseQuery’s limitation on the total number of query parameters. Thi...

CVSS 5.3, AI score 5.8, EPSS 0.0039
Exploits 0, References 1

OSV
added 2026/05/06 9:45 p.m., 5 views

GHSA-83VM-P52W-F9PW vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters

Summary: The extract_hidden_states speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash is triggered when any request in the batch uses sampling penalty parameters...

CVSS 6.5, AI score 5.8, EPSS 0.00367
Exploits 0, References 5

Github Security Blog
added 2026/05/06 9:45 p.m., 10 views

vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters

Summary: The extract_hidden_states speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash is triggered when any request in the batch uses sampling penalty parameters...

CVSS 6.5, AI score 5.8, EPSS 0.00367
Exploits 0, References 5, Affected Software 1