Lucene search
K

34 matches found

CVE
CVE
added 2026/07/05 5:52 p.m.16 views

CVE-2026-59510

The CVE concerns AIL Framework’s PDF object handling. The vulnerable code in PDF.get_filepath() joined the configured PDF storage directory with a path derived from a PDF object identifier without ensuring the final path stayed inside the PDF_FOLDER. Authenticated attackers could supply crafted i...

7.1CVSS5.9AI score0.00372EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.9 views

EulerOS 2.0 SP15 : kata-containers (EulerOS-SA-2026-2484)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References2
OSV
OSV
added 2026/06/25 6:43 p.m.5 views

GO-2026-5304 OpenBao: Cross-namespace lease revocation/renewal via canonical sys/leases/{revoke,renew} — incomplete fix of CVE-2026-45808 in github.com/openbao/openbao

OpenBao: Cross-namespace lease revocation/renewal via canonical sys/leases/revoke,renew — incomplete fix of CVE-2026-45808 in github.com/openbao/openbao...

5.8AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.10 views

EulerOS 2.0 SP13 : kata-containers (EulerOS-SA-2026-2292)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.7AI score0.01557EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.9 views

EulerOS 2.0 SP13 : kata-containers (EulerOS-SA-2026-2335)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.7AI score0.01557EPSS
Exploits1References2
Amazon
Amazon
added 2026/04/30 12:0 a.m.12 views

Important: rclone

Issue Overview: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted...

9.1CVSS7.6AI score0.01557EPSS
Exploits1
OSV
OSV
added 2026/04/29 9:21 a.m.9 views

CLSA-2026-1777454474 plexus-utils: Fix of CVE-2025-67030

CVE-2025-67030: fix Zip Slip / directory traversal in Expand.extractFile canonical path check...

8.8CVSS5.8AI score0.00663EPSS
Exploits0References1
OSV
OSV
added 2026/04/24 1:42 p.m.36 views

CLSA-2026-1777038119 plexus-utils: Fix of CVE-2025-67030

CVE-2025-67030 fix zip slip via canonical path check in Expand...

8.8CVSS5.8AI score0.00663EPSS
Exploits0References1
NVD
NVD
added 2026/04/22 5:16 p.m.12 views

CVE-2026-35338

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...

7.3CVSS0.00175EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.6 views

Amazon Linux 2023 : credentials-fetcher (ALAS2023-2026-1551)

"It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1551 advisory. gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References4
Amazon
Amazon
added 2026/04/13 12:0 a.m.6 views

Important: credentials-fetcher

Issue Overview: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted...

9.1CVSS5.9AI score0.01557EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.6 views

Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1548)

"It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1548 advisory. gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References4
OSV
OSV
added 2026/04/11 2:5 p.m.7 views

OESA-2026-1887 kata-containers security update

This is core component of Kata Container, to make it work, you need a isulad/docker engine. Security Fixes: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References2
OSV
OSV
added 2026/04/11 2:4 p.m.8 views

OESA-2026-1866 kata-containers-go security update

This is core component of Kata Container, to make it work, you need a isulad/docker engine. Security Fixes: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.9 views

SUSE CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

8.1CVSS6AI score0.01557EPSS
Exploits1References72
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-33186

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2...

9.1CVSS6.5AI score0.01557EPSS
Exploits1References4
OSV
OSV
added 2026/03/20 11:16 p.m.7 views

DEBIAN-CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS7.6AI score0.01557EPSS
Exploits1References1
OSV
OSV
added 2026/03/20 11:16 p.m.11 views

UBUNTU-CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/03/20 10:23 p.m.5 views

CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS7.6AI score0.01557EPSS
Exploits1
EUVD
EUVD
added 2026/03/20 10:23 p.m.4 views

EUVD-2026-13830

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References1
Rows per page
Query Builder