CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

31 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - Vulnerability in Golang-1.19

The ParseAddressList function improperly handles comments text within parentheses within display names. Since this contradicts conforming address parsers, it can lead to different trust decisions being made by programs that use different parsers...

7.5CVSS6.6AI score0.01042EPSS

Exploits0References2

Positive Technologies•added 2026/04/28 12:0 a.m.•2 views

PT-2026-35774

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description An exec allowlist bypass exists where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. This allows attackers to obtain user approval...

7.3CVSS5.9AI score0.00117EPSS

Exploits0References5

OSV•added 2026/03/31 11:59 p.m.•0 views

GHSA-6PFC-6M7W-M8FX OpenClaw has a gateway exec allowlist allow-always bypass via unregistered /usr/bin/script wrapper

Summary Allow-always persistence did not unwrap /usr/bin/script and similar wrappers to the actual executed target before storing trust decisions. Impact A user approval for one wrapped command could persist trust for a wrapper binary that later executed a different underlying program. Affected...

7.3CVSS5.9AI score0.00117EPSS

Exploits0References4

NVD•added 2026/03/25 8:16 p.m.•2 views

CVE-2026-33246

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a Nats-Request-Info: message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NAT...

6.4CVSS0.00143EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-22162

Malicious code in bioql PyPI...

7.5CVSS6.8AI score0.01042EPSS

Exploits0References6

RedHat Linux•added 2024/08/13 9:16 a.m.•1 views

golang: net/mail: comments in display names are incorrectly handled

A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using...

7.5CVSS7.3AI score0.01042EPSS

Exploits0References4

Tenable Nessus•added 2024/07/15 12:0 a.m.•13 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-1909)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaini...

7.5CVSS7.8AI score0.91969EPSS

Exploits1References3

RedHat Linux•added 2024/06/20 12:39 p.m.•1 views

golang: net/mail: comments in display names are incorrectly handled

7.5CVSS7.3AI score0.01042EPSS

Exploits0References4

RedHat Linux•added 2024/05/22 11:47 a.m.•2 views

golang: net/mail: comments in display names are incorrectly handled

7.5CVSS7.3AI score0.01042EPSS

Exploits0References4

RedHat Linux•added 2024/04/30 1:33 p.m.•3 views

golang: net/mail: comments in display names are incorrectly handled

7.5CVSS7.3AI score0.01042EPSS

Exploits0References4

OSV•added 2024/04/12 11:7 a.m.•2 views

OESA-2024-1432 golang security update

The Go Programming Language. Security Fixes: The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different...

7.5CVSS7AI score0.01042EPSS

Exploits0References2

Veracode•added 2024/03/17 5:30 p.m.•20 views

Interpretation Differences

net/mail in GO is vulnerable to Interpretation Differences. The vulnerability is due to the ParseAddressList function incorrectly handling comments text within parentheses inside display names. The parser handles the display names different then conforming address parsers, which could result in...

7.5CVSS6.5AI score0.01042EPSS

Exploits0References8Affected Software2

OSV•added 2024/03/12 8:24 a.m.•18 views

BIT-GOLANG-2024-24784 Comments in display names are incorrectly handled in net/mail

The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers...

7.5CVSS6.9AI score0.01042EPSS

Exploits0References7

Tenable Nessus•added 2024/03/09 12:0 a.m.•40 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.22 (SUSE-SU-2024:0812-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0812-1 advisory. - When following an HTTP redirect to a domain which is not a subdomain match or exact match of t...

7.5CVSS7.2AI score0.01165EPSS

Exploits0References18