Lucene search
+L

1648 matches found

Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-59954 Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to configuration data when AccessKey or management key authentication is enabled because ConfigService can accept a...

7.5CVSS0.00549EPSS
Exploits0References3
CVE
CVE
added 3 days ago18 views

CVE-2026-59954

CVE-2026-59954 affects Apollo ConfigService. Before version 2.5.2, when AccessKey or management key authentication is enabled, the service may authorize access to configuration data via non-canonical appId variants that downstream handling resolves to the protected app (including accent-variant a...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References3
OSV
OSV
added 3 days ago5 views

RLSA-2026:39266 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME...

7.5CVSS7AI score0.00813EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 3 days ago4 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS6.1AI score0.00813EPSS
Exploits0References8
OSV
OSV
added 4 days ago4 views

JLSEC-2026-695 The X25519 x86_64 assembly implementation fails to clear the most significant bit during the...

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

7.5CVSS6.1AI score0.00263EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago7 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS6.9AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 4 days ago6 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS6.9AI score0.00813EPSS
Exploits0References8
Nuclei
Nuclei
added 4 days ago11 views

Hitachi Pentaho Business Analytics Server - Bypass Authorization

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. id: CVE-2022-43939 info: name: Hitachi Pentaho Business Analytics Server - Bypass Authorization author: daffainf...

9.8CVSS7.1AI score0.9767EPSS
Exploits7References3
RedHat Linux
RedHat Linux
added 5 days ago5 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS6.9AI score0.00813EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-60109

Summary Apollo ConfigService may allow unauthorized access to configuration data when AccessKey / management key authentication is enabled and ConfigService accepts a non-canonical appId variant during authentication while downstream request handling resolves it to the protected app. Details...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.9 views

EulerOS 2.0 SP12 : kata-containers (EulerOS-SA-2026-2594)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.7AI score0.01557EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.11 views

EulerOS 2.0 SP12 : kata-containers (EulerOS-SA-2026-2534)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.7AI score0.01557EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/07/09 3:29 p.m.3 views

netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation

A flaw was found in Netty's DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS...

10CVSS5.9AI score0.00224EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/08 4:32 p.m.4 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS7.1AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/08 3:52 p.m.4 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS7.1AI score0.00813EPSS
Exploits0References8
CVE
CVE
added 2026/07/05 5:52 p.m.26 views

CVE-2026-59510

The CVE concerns AIL Framework’s PDF object handling. The vulnerable code in PDF.get_filepath() joined the configured PDF storage directory with a path derived from a PDF object identifier without ensuring the final path stayed inside the PDF_FOLDER. Authenticated attackers could supply crafted i...

7.1CVSS5.9AI score0.00372EPSS
Exploits0References1
NVD
NVD
added 2026/07/03 9:16 p.m.12 views

CVE-2026-27779

Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation...

7.5CVSS0.00431EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.5 views

CVE-2026-27779

Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation...

5.9AI score0.00431EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/03 8:19 p.m.8 views

EUVD-2026-41637

Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation...

5.9AI score0.00431EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.17 views

PT-2026-55604

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software accepts malformed or injected forwarded-proto values during the detection of public URLs. This flaw allows for the generation of spoofed canonical URLs. Recommendations Update Gitea to...

7.5CVSS5.9AI score0.00431EPSS
Exploits0References7
Rows per page
Query Builder