Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-58403

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

5.9CVSS5.9AI score
Exploits0References5Affected Software1
CVE
CVE
added yesterday5 views

CVE-2026-58403

Hugo (static site generator) vulnerable from v0.123.0 through v0.163.0. A regression in RootMappingFs.statRoot caused it to call Stat (which follows symlinks) instead of Lstat, enabling os.ReadFile on a symlink to read the target file outside the mount. This could let a symlink inside a theme or ...

5.9CVSS5.9AI score
Exploits0References4
Debian CVE
Debian CVE
added yesterday4 views

CVE-2026-58404

Hugo is a static site generator. From v0.162.0 through v0.163.0, the default security.http.urls policy denies requests to loopback, internal, and cloud-metadata IPv4 literals, but the deny rule only matched dotted-decimal notation, so alternate IPv4 encodings of the same addresses, including...

4.6CVSS5.8AI score
Exploits0
Snyk
Snyk
added 2026/06/19 7:18 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the resources.GetRemote process while the host platform uses the cgo system resolver. When alternate IPv4 encodings are used in URLs, such as integer, hexadecimal, or octal representations, which bypa...

8.6CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder