Lucene search
+L

153 matches found

OSV
OSV
added 2026/04/20 2:2 p.m.8 views

OPENSUSE-SU-2026:20570-1 Security update for go1.25

This update for go1.25 fixes the following issues: - Update to version go1.25.9 bsc1244485. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144:...

9.8CVSS5.8AI score0.00658EPSS
Exploits0References19
OSV
OSV
added 2026/04/20 2:0 p.m.8 views

SUSE-SU-2026:21356-1 Security update for go1.26

This update for go1.26 fixes the following issues: - Update to version go1.26.2 bsc1255111. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144:...

9.8CVSS5.7AI score0.00658EPSS
Exploits0References22
OSV
OSV
added 2026/04/20 1:54 p.m.15 views

SUSE-SU-2026:21355-1 Security update for go1.25

This update for go1.25 fixes the following issues: - Update to version go1.25.9 bsc1244485. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144:...

9.8CVSS5.7AI score0.00658EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.5 views

SUSE SLED15 / SLES15 Security Update : go1.25 (SUSE-SU-2026:1321-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1321-1 advisory. - Update to go1.25.9 bsc1244485. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG...

9.8CVSS6AI score0.00658EPSS
Exploits0References29
SUSE Linux
SUSE Linux
added 2026/04/14 12:40 p.m.6 views

Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.9 bsc1244485. CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. CVE-2026-27144: cmd/compile: no-op...

7.5CVSS5.9AI score0.00658EPSS
Exploits0References38
OSV
OSV
added 2026/04/14 12:40 p.m.13 views

SUSE-SU-2026:1321-1 Security update for go1.25

This update for go1.25 fixes the following issues: - Update to go1.25.9 bsc1244485. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144: cmd/compile:...

9.8CVSS5.8AI score0.00658EPSS
Exploits0References20
OSV
OSV
added 2026/04/13 5:43 a.m.4 views

BIT-GOLANG-2026-32281 Inefficient policy validation in crypto/x509

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

7.5CVSS5.8AI score0.00349EPSS
Exploits0References5
CVE
CVE
added 2026/04/10 4:3 p.m.12 views

CVE-2026-35648

OpenClaw (npm) before 2026.3.22 contains a policy bypass where queued node actions are not revalidated against the current command policy at delivery time. Attackers could abuse stale allowlists or declarations that survive policy tightening to execute unauthorized commands. The root cause is lac...

5.9CVSS5.9AI score0.00217EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/10 4:3 p.m.4 views

CVE-2026-35648 OpenClaw < 2026.3.22 - Policy Bypass via Unvalidated Queued Node Actions

OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against current command policy when delivered. Attackers can exploit stale allowlists or declarations that survive policy tightening to execute unauthorized commands...

2.3CVSS6AI score0.00217EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/10 12:30 a.m.7 views

Duplicate Advisory: OpenClaw: Nostr inbound DMs could trigger unauthenticated crypto work before sender policy enforcement

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-65h8-27jh-q8wv. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before...

8.2CVSS5.7AI score0.00454EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/10 12:30 a.m.4 views

GHSA-2J53-2C28-G9V2 Duplicate Advisory: OpenClaw: Nostr inbound DMs could trigger unauthenticated crypto work before sender policy enforcement

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-65h8-27jh-q8wv. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before...

6.9CVSS5.7AI score0.00454EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:26 p.m.2 views

CVE-2026-35627

OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. Attackers can trigger unauthorized pre-authentication computation by sending crafted DM messages, enabling denial of service through...

6.9CVSS5.9AI score0.00454EPSS
Exploits0References5
CVE
CVE
added 2026/04/08 1:6 a.m.137 views

CVE-2026-32281

CVE-2026-32281 : In Go, policy validation for X.509 certificate chains can be inefficient when many policy mappings are present, potentially enabling a denial-of-service on validation of otherwise trusted chains. The OpenSUSE advisories note fixes in Go updates: go1.25.9 and go1.26.2, with SUSE p...

7.5CVSS5.9AI score0.00349EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/08 1:6 a.m.4 views

CVE-2026-32281 Inefficient policy validation in crypto/x509

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

7.5CVSS6AI score0.00349EPSS
Exploits0References7
OSV
OSV
added 2026/04/07 10:53 p.m.5 views

GO-2026-4946 Inefficient policy validation in crypto/x509

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

7.5CVSS5.8AI score0.00349EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/06 9:31 a.m.2 views

EUVD-2026-19197

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink. These attributes are used by the kernel without any validation. Extend the netlink policies accordingly...

5.7AI score0.00169EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/06 7:38 a.m.3 views

CVE-2026-31407

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink. These attributes are used by the kernel without any validation. Extend the netlink policies accordingly...

7.1CVSS5.7AI score0.00169EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.7 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of netlink policy validation, potentially leading to out-of-bound access...

7.1CVSS5.8AI score0.00169EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/02 3:31 p.m.8 views

EUVD-2026-18213

A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

8.1CVSS5.9AI score0.00346EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/02 3:31 p.m.45 views

Keycloak: UMA Policy Resource Injection Allows Unauthorized Cross-User Permission Grants

A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

8.1CVSS5.9AI score0.00346EPSS
Exploits1References10Affected Software1
Rows per page
Query Builder