733 matches found
CVE-2026-1616
OSIM is affected: the nginx configuration file uses the $uri$args concatenation in OSIM prior to v2025.9.0, enabling path traversal via query parameters. The MITRE/ATT&CK mapping is not confirmed in the provided docs. No explicit patch/version remediations are stated in the connected sources; det...
CVE-2026-1616 osim: Path Traversal via query parameters in Nginx configuration
The $uri$args concatenation in nginx configuration file present in Open Security Issue Management OSIM prior v2025.9.0 allows path traversal attacks via query parameters...
EUVD-2026-4986
The $uri$args concatenation in nginx configuration file present in Open Security Issue Management OSIM prior v2025.9.0 allows path traversal attacks via query parameters...
CVE-2026-1616
The $uri$args concatenation in nginx configuration file present in Open Security Issue Management OSIM prior v2025.9.0 allows path traversal attacks via query parameters...
CVE-2026-1616 osim: Path Traversal via query parameters in Nginx configuration
The $uri$args concatenation in nginx configuration file present in Open Security Issue Management OSIM prior v2025.9.0 allows path traversal attacks via query parameters...
PT-2026-5268
The $uri$args concatenation in nginx configuration file present in Open Security Issue Management OSIM prior v2025.9.0 allows path traversal attacks via query parameters...
AZL-75695 CVE-2025-61726 affecting package golang for versions less than 1.24.12-1
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
AZL-78925 CVE-2025-61726 affecting package golang 1.25.7-1
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
UBUNTU-CVE-2025-61726
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
CVE-2025-61726 Memory exhaustion in query parameter parsing in net/url
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
CVE-2025-61726 Memory exhaustion in query parameter parsing in net/url
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
CVE-2025-61726
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
Allocation of Resources Without Limits or Throttling
Overview std/net/url is a Go standard library package std/net/url Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: The net/url package does not set a limit on the number of query parameters in a query. While the...
GO-2026-4341 Memory exhaustion in query parameter parsing in net/url
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
Google Go 安全漏洞
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A denial of service vulnerability exists in Google Go, which stems from an unrestricted number of query parameters, which can be exploited by an attacker to cause excessive memory...
MiracleLinux 8 : grafana-7.5.15-4.el8.ML.1 (AXSA:2023-6073:05)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6073:05 advisory. golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang: net/http: handle server errors after...
CVE-2026-23846
CVE-2026-23846 — Tugtainer password exposure : Tugtainer (self-hosted Docker updater) before version 1.16.1 transmits passwords via URL query parameters instead of the HTTP request body. This enables passwords to be logged in server access logs and potentially exposed through browser history, Ref...
EUVD-2026-3294
Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...
CVE-2026-23846 Tugtainer vulnerable to Password Exposure via URL Query Parameter
Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...
PT-2026-3491
Name of the Vulnerable Software and Affected Versions Tugtainer versions prior to 1.16.1 Description Tugtainer is a self-hosted application designed for automating updates of Docker containers. Prior to version 1.16.1, the password authentication process transmits passwords through URL query...