3850 matches found
AZL-76743 CVE-2025-61732 affecting package msft-golang 1.24.13-1
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
DEBIAN-CVE-2025-61732
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
AZL-76688 CVE-2025-61732 affecting package golang 1.26.0-1
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
AZL-78937 CVE-2025-61732 affecting package golang 1.25.7-1
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
CVE-2025-61732
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
CVE-2025-61732
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
EUVD-2025-206866
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
CVE-2025-61732 Potential code smuggling via doc comments in cmd/cgo
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
CVE-2025-61732
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
CVE-2025-61732
CVE-2025-61732 involves a discrepancy in how Go and C/C++ comments are parsed, enabling code smuggling into the resulting cgo binary. Multiple connected sources confirm the issue affects Go/cgo workflows and document the vulnerability with a CVSSv3.1 base score of 8.6 (HIGH) and local attack vec...
GO-2026-4413 Navidrome has XSS via comment from song metadata in github.com/navidrome/navidrome
Navidrome has XSS via comment from song metadata in github.com/navidrome/navidrome...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the comment field in song metadata. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious content into this field. Details: Cross-site scripting (or XSS) is a...
HTTP Request Smuggling
Overview: std/cmd/cgo is a Go standard library package. Affected versions of this package are vulnerable to HTTP Request Smuggling. Go Vulnerability Report: A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. Remediation...
GO-2026-4433 Potential code smuggling via doc comments in cmd/cgo
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
PT-2026-6533
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
CVE-2025-61732
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
Google Go security vulnerability
Google Go is a statically, strongly typed, compiled, concurrent, garbage-collected programming language from the American company Google. There is a security vulnerability in Google Go that stems from differences in how Go and C/C++ comments are parsed. This vulnerability may allow co...
CVE-2026-25578 Navidrome is vulnerable to XSS via comment from song metadata
Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. This issue has been patched i...
CVE-2026-25578
Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. This issue has been patched i...
CVE-2026-21393
Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the...