CVE-2026-42345

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - riscv: ftrace: Fixed a panic caused by preemption being disabled. In RISCV, we need to use an AUIPC + JALR pair to encode an immediate jump, creating a jump to an address beyond 4K. This may cause errors if we want to enable...

CVE-2025-70936

Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...

SUSE CVE-2026-32811

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heimdall in envoy gRPC decision API mode with versions 0.7.0-alpha through 0.17.10, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed. Envoy splits t...

USN-8062-1 curl vulnerabilities

It was discovered that curl incorrectly handled cookies when redirected from secure to insecure connections. An attacker could possibly use this issue to cause a denial of service, or obtain sensitive information. This issue only affected Ubuntu 25.10. CVE-2025-9086 Calvin Ruocco discovered that...

EUVD-2025-199007

Malicious code in url-encode-decode npm...

GO-2025-3988 Insufficient address encoding when passing mail addresses to the SMTP client in github.com/wneessen/go-mail

Insufficient address encoding when passing mail addresses to the SMTP client in github.com/wneessen/go-mail...

UBUNTU-CVE-2023-53694

In the Linux kernel, the following vulnerability has been resolved: riscv: ftrace: Fixup panic by disabling preemption In RISCV, we must use an AUIPC + JALR pair to encode an immediate, forming a jump that jumps to an address over 4K. This may cause errors if we want to enable kernel preemption a...

EUVD-2025-31582

Malicious code in bioql PyPI...

CVE-2025-59937 go-mail has insufficient address encoding when passing mail addresses to the SMTP client

go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong...

CVE-2025-59937 go-mail has insufficient address encoding when passing mail addresses to the SMTP client

go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong...

CVE-2025-59937

Go-mail (github.com/wneessen/go-mail) vulnerable in versions

GHSA-WPWJ-69CM-Q9C5 go-mail has insufficient address encoding when passing mail addresses to the SMTP client

Impact Due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, this could lead to a possible wrong address routing or even to ESMTP parameter smuggling. Vulnerability details Instead ...

go-mail has insufficient address encoding when passing mail addresses to the SMTP client

Impact Due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, this could lead to a possible wrong address routing or even to ESMTP parameter smuggling. Vulnerability details Instead ...

HDF5 H5Fint.c H5F_addr_encode_len heap-based overflow

...

Linux Distros Unpatched Vulnerability : CVE-2020-12409

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox 77...

WordPress plugin Stop User Enumeration 安全漏洞

WordPress Stop User Enumeration plugin is a security plugin for WordPress, mainly used to detect and prevent hackers from scanning website usernames user enumeration attack to get the login name, which is the pre-detection behavior of brute force password cracking attack. A security vulnerability...

base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation.

A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding...

HDF5 安全漏洞

HDF5 is a library of HDF open source . HDF5 has a buffer overflow vulnerability , the vulnerability stems from the H5Faddrencodelen function fails to correctly validate the length of the input data size , an attacker can use this vulnerability to cause a denial of service...

The vulnerability of the QuTS operating systems and QTS network devices from Qnap, related to improper handling of data with URL encoding, allows attackers to execute arbitrary code.

The vulnerability of the QuTS operating systems and QTS network devices involves improper handling of data with URL encoding. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...