173 matches found
tornado: Tornado Quadratic DoS via Repeated Header Coalescing
A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...
CVE-2026-25993
EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / requestpath values—derived from the urlkey stored in the database—into SQL statements via string concatenation and passes them to execute. As a result, if a malicio...
tornado: Tornado Quadratic DoS via Repeated Header Coalescing
A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
CLEANSTART-2026-PB78859 ParseAddress function constructs domain-literal address components through repeated string concatenation
Multiple security vulnerabilities affect the kubevela package. The ParseAddress function constructs domain-literal address components through repeated string concatenation. See references for individual vulnerability details...
CLEANSTART-2026-NF19624 ParseAddress function constructs domain-literal address components through repeated string concatenation
Security vulnerability affects the timoni package. The ParseAddress function constructs domain-literal address components through repeated string concatenation...
CLEANSTART-2026-TY78539 ParseAddress function constructs domain-literal address components through repeated string concatenation
Multiple security vulnerabilities affect the go-fips-1.24 package. The ParseAddress function constructs domain-literal address components through repeated string concatenation. See references for individual vulnerability details...
CLEANSTART-2026-VS64679 ParseAddress function constructs domain-literal address components through repeated string concatenation
Multiple security vulnerabilities affect the go-fips-1.24 package. The ParseAddress function constructs domain-literal address components through repeated string concatenation. See references for individual vulnerability details...
CLEANSTART-2026-ER42900 ParseAddress function constructs domain-literal address components through repeated string concatenation
Multiple security vulnerabilities affect the external-dns-fips package. The ParseAddress function constructs domain-literal address components through repeated string concatenation. See references for individual vulnerability details...
CLEANSTART-2026-PK92575 ParseAddress function constructs domain-literal address components through repeated string concatenation
Security vulnerability affects the wazero package. The ParseAddress function constructs domain-literal address components through repeated string concatenation...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
CVE-2026-23955 EVerest vulnerable to concatenation of strings literal and integers
EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be...
CVE-2026-23955 EVerest vulnerable to concatenation of strings literal and integers
EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...