Lucene search
+L

173 matches found

RedHat Linux
RedHat Linux
added 2026/02/10 6:26 p.m.2 views

tornado: Tornado Quadratic DoS via Repeated Header Coalescing

A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...

7.5CVSS5.7AI score0.00403EPSS
Exploits0References7
NVD
NVD
added 2026/02/10 6:16 p.m.10 views

CVE-2026-25993

EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / requestpath values—derived from the urlkey stored in the database—into SQL statements via string concatenation and passes them to execute. As a result, if a malicio...

9.8CVSS0.0032EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/10 5:54 p.m.4 views

tornado: Tornado Quadratic DoS via Repeated Header Coalescing

A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...

7.5CVSS5.7AI score0.00403EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/02/09 5:56 a.m.5 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.1AI score0.00459EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2026/02/09 1:55 a.m.7 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.1AI score0.00459EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2026/02/09 1:34 a.m.8 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.1AI score0.00459EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2026/02/05 2:55 p.m.6 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.1AI score0.00459EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2026/02/04 11:48 a.m.6 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.1AI score0.00459EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2026/02/03 12:29 p.m.11 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.1AI score0.00459EPSS
Exploits2References8
OSV
OSV
added 2026/01/30 5:25 p.m.3 views

CLEANSTART-2026-PB78859 ParseAddress function constructs domain-literal address components through repeated string concatenation

Multiple security vulnerabilities affect the kubevela package. The ParseAddress function constructs domain-literal address components through repeated string concatenation. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00613EPSS
Exploits0References5
OSV
OSV
added 2026/01/30 5:20 p.m.4 views

CLEANSTART-2026-NF19624 ParseAddress function constructs domain-literal address components through repeated string concatenation

Security vulnerability affects the timoni package. The ParseAddress function constructs domain-literal address components through repeated string concatenation...

9.8CVSS5.5AI score0.00613EPSS
Exploits0References3
OSV
OSV
added 2026/01/30 4:35 p.m.6 views

CLEANSTART-2026-TY78539 ParseAddress function constructs domain-literal address components through repeated string concatenation

Multiple security vulnerabilities affect the go-fips-1.24 package. The ParseAddress function constructs domain-literal address components through repeated string concatenation. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00626EPSS
Exploits0References17
OSV
OSV
added 2026/01/30 4:35 p.m.10 views

CLEANSTART-2026-VS64679 ParseAddress function constructs domain-literal address components through repeated string concatenation

Multiple security vulnerabilities affect the go-fips-1.24 package. The ParseAddress function constructs domain-literal address components through repeated string concatenation. See references for individual vulnerability details...

9.8CVSS7.1AI score0.00626EPSS
Exploits0References17
OSV
OSV
added 2026/01/30 3:41 p.m.8 views

CLEANSTART-2026-ER42900 ParseAddress function constructs domain-literal address components through repeated string concatenation

Multiple security vulnerabilities affect the external-dns-fips package. The ParseAddress function constructs domain-literal address components through repeated string concatenation. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00626EPSS
Exploits2References29
OSV
OSV
added 2026/01/30 2:35 p.m.4 views

CLEANSTART-2026-PK92575 ParseAddress function constructs domain-literal address components through repeated string concatenation

Security vulnerability affects the wazero package. The ParseAddress function constructs domain-literal address components through repeated string concatenation...

9.8CVSS5.5AI score0.00613EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/01/27 11:37 a.m.5 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.1AI score0.00459EPSS
Exploits2References8
Cvelist
Cvelist
added 2026/01/21 7:25 p.m.21 views

CVE-2026-23955 EVerest vulnerable to concatenation of strings literal and integers

EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be...

4.2CVSS0.00164EPSS
Exploits1References1
OSV
OSV
added 2026/01/21 7:25 p.m.8 views

CVE-2026-23955 EVerest vulnerable to concatenation of strings literal and integers

EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be...

4.2CVSS5.5AI score0.00164EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/01/21 12:11 p.m.9 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.1AI score0.00459EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2026/01/21 10:1 a.m.6 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.1AI score0.00459EPSS
Exploits2References8
Rows per page
Query Builder