Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.9 views

PT-2026-31058

Name of the Vulnerable Software and Affected Versions SWIG affected versions not specified Description SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass. Recommendations At the moment, there...

10CVSS6.3AI score0.00658EPSS
Exploits0References435
Veracode
Veracode
added 2026/02/09 9:26 a.m.6 views

Server-Side Request Forgery (SSRF)

Webpack is vulnerable to Server-Side Request Forgery SSRF . The vulnerability is due to missing re-validation of allowedUris after HTTP 30x redirects in the HttpUriPlugin, allowing imports initially constrained to trusted URLs to be redirected to untrusted or internal endpoints, resulting in...

3.7CVSS5.5AI score0.002EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/05 11:15 p.m.3 views

DEBIAN-CVE-2025-68157

Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that...

3.7CVSS5.3AI score0.002EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2024/11/19 1:54 a.m.3 views

Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...

4.7CVSS7.2AI score0.00288EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/04/22 6:20 p.m.5 views

golang: cmd/go: packages using cgo can cause arbitrary code execution at build time

A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have "." listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and...

7.5CVSS7.6AI score0.06497EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/01/14 1:40 p.m.8 views

golang: improper validation of cgo flags can lead to code execution at build time

An input validation vulnerability was found in Go. If cgo is specified in a Go file, it is possible to bypass the validation of arguments to the gcc compiler. This flaw allows an attacker to create a malicious repository that can execute arbitrary code when downloaded and run via go get or go bui...

7.5CVSS7.6AI score0.02369EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/12/15 5:12 p.m.7 views

golang: improper validation of cgo flags can lead to code execution at build time

An input validation vulnerability was found in Go. If cgo is specified in a Go file, it is possible to bypass the validation of arguments to the gcc compiler. This flaw allows an attacker to create a malicious repository that can execute arbitrary code when downloaded and run via go get or go bui...

7.5CVSS7.6AI score0.02369EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2005/01/21 12:0 a.m.26 views

kdelibs -- insecure temporary file creation

Davide Madrisan reports: The dcopidlng' script in the KDE library package kdelibs-3.3.2/dcop/dcopidlng/dcopidlng creates temporary files in a unsecure manner. Note: dcopidlng is only used at build time, so only users installing KDE are vulnerable, not users already running KDE...

2.1CVSS6.4AI score0.00412EPSS
Exploits0References2
Rows per page
Query Builder