Lucene search
+L

630 matches found

RedHat Linux
RedHat Linux
added 2026/04/21 5:19 p.m.18 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/20 9:35 a.m.7 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/20 2:45 a.m.6 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/20 2:44 a.m.14 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/20 12:29 a.m.11 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
EUVD
EUVD
added 2026/04/17 9:31 a.m.6 views

EUVD-2026-23400

A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control...

5.3CVSS5.8AI score0.00314EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/16 11:28 p.m.6 views

SUSE CVE-2026-34244

Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...

5CVSS5.8AI score0.0024EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/15 7:23 p.m.7 views

CVE-2026-30232

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...

9.6CVSS5.9AI score0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.14 views

PT-2026-33035

Name of the Vulnerable Software and Affected Versions @fastify/express versions prior to 4.0.5 Description An issue exists where the software fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows an unauthenticated...

10CVSS5.2AI score0.00483EPSS
Exploits1References11
Snyk
Snyk
added 2026/04/14 8:6 p.m.9 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the APICall feature. An attacker can access sensitive internal resources and exfiltrate confidential data by supplying arbitrary URLs to the APICall feature, which are executed with elevated privilege...

7.7CVSS5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/14 7:22 p.m.7 views

CVE-2026-40150

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. Thi...

7.7CVSS5.9AI score0.00269EPSS
Exploits1References1
OSV
OSV
added 2026/04/14 1:48 p.m.11 views

CLSA-2026-1776174481 squid: Fix of 3 CVEs

CVE-2026-32748: ICP: fix HttpRequest lifetime for ICP v3 queries - CVE-2026-33515: ICP: fix validation of packet sizes and URLs - CVE-2026-33526: do not escape malformed URI twice when sending ICP errors...

9.2CVSS5.8AI score0.08942EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/13 4:31 p.m.4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
SUSE Linux
SUSE Linux
added 2026/04/13 8:10 a.m.12 views

Security update for python312

This update for python312 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. CVE-2026-3479: improper resource argument validation in pkgutil.getdata can lead to path...

8.2CVSS5.9AI score0.00621EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.14 views

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1556)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1556 advisory. The webbrowser.open API would accept leading dashes in the URL whichcould be handled as command line options for certain web browsers. Newbehavior rejects leading dashes. Users are recommended to...

7.1CVSS5.7AI score0.00308EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/10 7:23 p.m.7 views

EUVD-2026-21170

PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in webcrawl Tool...

7.7CVSS5.8AI score0.00269EPSS
Exploits1References2
OSV
OSV
added 2026/04/10 7:23 p.m.2 views

GHSA-8F4V-XFM9-3244 PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool

Summary The webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker or prompt injection in crawled conte...

7.7CVSS5.9AI score0.00269EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/10 7:15 p.m.23 views

CVE-2026-30232 Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...

7.8CVSS0.00242EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.10 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Prior to version 1.11.38, Chamilo LMS had security vulnerabilities. These vulnerabilities stemmed from the Twig...

5.3CVSS5.9AI score0.00245EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.13 views

PT-2026-32027

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...

7.8CVSS5.9AI score0.00242EPSS
Exploits0References3
Rows per page
Query Builder