Lucene search
+L

120 matches found

Snyk
Snyk
added 2026/05/05 8:13 p.m.8 views

Cross-site Scripting (XSS)

Overview github.com/gofiber/fiber is an Express inspired web framework written in Go. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the AutoFormat process. An attacker can inject arbitrary HTML or JavaScript by supplying a crafted Accept: text/html header and...

6.1CVSS6AI score0.00212EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/05 8:13 p.m.16 views

Fiber vulnerable to XSS in AutoFormat Content Negotiation

Summary Description A Cross-Site Scripting CWE-79 vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. This affects github.com/gofiber/fiber/v3...

6.1CVSS6AI score0.00212EPSS
Exploits1References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.13 views

PT-2026-37270

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 2.52.12 Fiber versions prior to 3.1.0 Description A Cross-Site Scripting issue exists in the Go Fiber web framework. A remote attacker can inject arbitrary HTML or JavaScript by providing an Accept: text/html header in ...

5.3CVSS6.1AI score0.00212EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/05/04 7:14 p.m.10 views

CVE-2026-7768 @fastify/accepts-serializer vulnerable to Denial of Service via Unbounded Accept Header Cache Growth

@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/04 7:14 p.m.41 views

CVE-2026-7768 @fastify/accepts-serializer vulnerable to Denial of Service via Unbounded Accept Header Cache Growth

@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the...

7.5CVSS0.00284EPSS
Exploits0References2
CVE
CVE
added 2026/05/04 7:14 p.m.27 views

CVE-2026-7768

The CVE affects @fastify/accepts-serializer where serializer-selection results are cached by the request Accept header without bounds or eviction, allowing an unauthenticated remote client to cause unbounded cache growth and Node.js heap exhaustion leading to a crash. Affected versions are

7.5CVSS5.8AI score0.00284EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/04 7:14 p.m.3 views

CVE-2026-7768 @fastify/accepts-serializer vulnerable to Denial of Service via Unbounded Accept Header Cache Growth

@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the...

7.5CVSS6AI score0.00284EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.18 views

PT-2026-36915

Name of the Vulnerable Software and Affected Versions @fastify/accepts-serializer versions prior to 6.0.4 Description An issue exists where serializer-selection results are cached using the request Accept header as a key without a size limit or eviction policy. A remote unauthenticated client can...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References12
Snyk
Snyk
added 2025/10/23 11:46 a.m.4 views

Exposure of Information Through Directory Listing

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Exposure of Information Through Directory Listing due to the improper error handling. An attacker can gain unauthorized access to internal directory structures by sending crafted HTTP with absent...

6.9CVSS6.9AI score0.00274EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2013-1938

Malware in sbrugna...

4.3CVSS6.4AI score0.01347EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-42401

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00771EPSS
Exploits0References7
OSV
OSV
added 2025/09/12 11:46 a.m.8 views

BIT-NIFI-2020-27223

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” i.e. q parameters, the server may enter a denial of service DoS state due to high CPU usage processing those quality...

5.3CVSS6.8AI score0.7795EPSS
Exploits0References68
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-26142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatc...

7.5CVSS6.6AI score0.01498EPSS
Exploits0References2
OSV
OSV
added 2025/06/27 1:16 p.m.7 views

OESA-2025-1684 rubygem-rack security update

Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...

7.5CVSS6.8AI score0.01996EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2022-39957

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional charset...

7.5CVSS7AI score0.00771EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/12/04 8:43 p.m.3 views

rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing

A denial of service DoS vulnerability was found in rubygem-rack in how it parses Rack Header. Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. Accept and Forwarded headers are impacted...

7.5CVSS6.6AI score0.01996EPSS
Exploits0References5
Snyk
Snyk
added 2024/07/02 4:41 p.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

7.5CVSS6.7AI score0.01996EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/05/28 2:28 p.m.4 views

rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing

A denial of service DoS vulnerability was found in rubygem-rack in how it parses Rack Header. Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. Accept and Forwarded headers are impacted...

7.5CVSS6.6AI score0.01996EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/05/22 9:40 a.m.5 views

rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing

A denial of service DoS vulnerability was found in rubygem-rack in how it parses Rack Header. Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. Accept and Forwarded headers are impacted...

7.5CVSS6.6AI score0.01996EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/04/30 2:52 p.m.2 views

rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing

A denial of service DoS vulnerability was found in rubygem-rack in how it parses Rack Header. Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. Accept and Forwarded headers are impacted...

7.5CVSS6.6AI score0.01996EPSS
Exploits0References5
Rows per page
Query Builder