Lucene search
K

90 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/26 4:34 p.m.9 views

CVE-2026-45721

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named handler.lua to execute a...

9CVSS6.6AI score0.00437EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/26 4:34 p.m.23 views

CVE-2026-45721

CVE-2026-45721 (Algernon) describes a pre-auth remote code execution in Algernon web server prior to version 1.17.7. When a request targets a directory without an index, DirPage behavior walks upward through parent directories past the configured server root in search of a file named handler.lua....

9CVSS6.6AI score0.00437EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 4:31 p.m.11 views

EUVD-2026-31866

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push and L.PCall execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests race on the shared state...

8.2CVSS5.8AI score0.00182EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:31 p.m.11 views

CVE-2026-43981

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push and L.PCall execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests race on the shared state...

8.2CVSS5.8AI score0.00182EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/26 4:31 p.m.22 views

CVE-2026-43981

CVE-2026-43981 affects Algernon, a small self-contained Go web server. In versions prior to 1.17.6, a race condition exists in engine/luahandler.go: the sync.RWMutex protecting LoadCommonFunctions is released before L.Push() and L.PCall() execute. Since gopher-lua’s LState is not goroutine-safe, ...

8.2CVSS5.8AI score0.00182EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/26 4:31 p.m.9 views

CVE-2026-43981 Algernon: Race Condition in handle() shared LState

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push and L.PCall execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests race on the shared state...

8.2CVSS5.8AI score0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 4:31 p.m.46 views

CVE-2026-43981 Algernon: Race Condition in handle() shared LState

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push and L.PCall execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests race on the shared state...

8.2CVSS0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 4:30 p.m.47 views

CVE-2026-43982 Algernon: Path traversal file write via savein()

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn in lua/upload/upload.go uses filepath.Join with the caller-supplied directory but performs no boundary check after joining. A directory of ../../../tmp resolves cleanly to /tmp, outside the web root. This...

8.7CVSS0.00344EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:30 p.m.8 views

CVE-2026-43982

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn in lua/upload/upload.go uses filepath.Join with the caller-supplied directory but performs no boundary check after joining. A directory of ../../../tmp resolves cleanly to /tmp, outside the web root. This...

8.7CVSS5.8AI score0.00344EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 4:30 p.m.8 views

CVE-2026-43982 Algernon: Path traversal file write via savein()

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn in lua/upload/upload.go uses filepath.Join with the caller-supplied directory but performs no boundary check after joining. A directory of ../../../tmp resolves cleanly to /tmp, outside the web root. This...

8.7CVSS5.8AI score0.00344EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 4:30 p.m.25 views

CVE-2026-43982

Algernon (a small Go web server) has a path-traversal risk in lua/upload/upload.go: uploadedFileSaveIn() joins a caller-supplied directory with filepath.Join() and performs no boundary check after joining. A path like ../../../tmp can resolve to /tmp, bypassing web-root constraints. The issue aff...

8.7CVSS5.8AI score0.00344EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.25 views

PT-2026-43298

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn in lua/upload/upload.go uses filepath.Join with the caller-supplied directory but performs no boundary check after joining. A directory of ../../../tmp resolves cleanly to /tmp, outside the web root. This...

8.7CVSS5.8AI score0.00344EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

algernon 安全漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.8 contained security vulnerabilities. These vulnerabilities stemmed from path traversal via the Host header when using the --domain option, potentially allowing arbitrary file reading, directory listing...

8.2CVSS6AI score0.00335EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

algernon 竞争条件问题漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.6 contained a race condition vulnerability. This vulnerability stemmed from the sync.RWMutex used in engine/luahandler.go to protect LoadCommonFunctions, which was released before L.Push and L.PCall...

8.2CVSS5.8AI score0.00182EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.54 views

algernon 路径遍历漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.6 contained a path traversal vulnerability. This vulnerability stemmed from the uploadedFileSaveIn function in lua/upload/upload.go, which used filepath.Join to concatenate the directory provided by the...

8.7CVSS5.8AI score0.00344EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

algernon 安全漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.7 contained a security vulnerability. This vulnerability stemmed from the hardcoded wildcard in the Access-Control-Allow-Origin header of the SSE event server, which could allow any third-party page to...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

algernon 安全漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.7 contained security vulnerabilities. These vulnerabilities stemmed from the SSE event server being bound to 0.0.0.0:5553 by default, which could allow unauthorized network access...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

algernon 安全漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.7 contained security vulnerabilities. These vulnerabilities stemmed from the forced activation of debugging mode in single-file mode, allowing the leakage of the file’s absolute path and complete byte...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.14 views

PT-2026-43297

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push and L.PCall execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests race on the shared state...

8.2CVSS5.8AI score0.00182EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

algernon 安全漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.7 contained a security vulnerability. This vulnerability stemmed from the process of traversing parent directories upwards during directory requests to find the handler.lua file. This could allow...

9CVSS6.3AI score0.00437EPSS
Exploits0References1
Rows per page
Query Builder