
8 matches found

RedhatCVE
added 2026/01/09 8:38 a.m. | 1 view

CVE-2026-21697

axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...

CVSS 8.2 | AI score 6.9 | EPSS 0.00158
Exploits 0 | References 1

OSV
added 2026/01/07 10:29 p.m. | 2 views

CVE-2026-21697 axios4go's Race Condition in Shared HTTP Client Allows Proxy Configuration Leak

axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...

CVSS 8.2 | AI score 6.6 | EPSS 0.00158
Exploits 0 | References 5

EUVD
added 2026/01/07 10:29 p.m. | 5 views

EUVD-2026-1381

axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...

CVSS 8.2 | AI score 6.4 | EPSS 0.00158
Exploits 0 | References 3

Cvelist
added 2026/01/07 10:29 p.m. | 19 views

CVE-2026-21697 axios4go's Race Condition in Shared HTTP Client Allows Proxy Configuration Leak

axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...

CVSS 8.2 | EPSS 0.00158
Exploits 0 | References 3

Vulnrichment
added 2026/01/07 10:29 p.m. | 1 view

CVE-2026-21697 axios4go's Race Condition in Shared HTTP Client Allows Proxy Configuration Leak

axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...

CVSS 8.2 | AI score 6.5 | EPSS 0.00158
Exploits 0 | References 3

Positive Technologies
added 2024/03/06 12:0 a.m. | 2 views

PT-2024-2218

Name of the Vulnerable Software and Affected Versions: Go SDK for CloudEvents versions prior to 2.15.2. Description: The issue is related to the cloudevents.WithRoundTripper function in the Go SDK for CloudEvents, which causes the SDK to leak credentials to arbitrary endpoints when used with an...

CVSS 7.8 | AI score 7.1 | EPSS 0.00137
Exploits 0 | References 12

CNNVD
added 2022/09/06 12:0 a.m. | 1 view

WordPress plugin WP Cerber Security information disclosure vulnerability

FlyteAdmin is a control plane for Flyte open source. Responsible for managing entities tasks, workflows, startup plans and managing workflow execution. An information disclosure vulnerability exists in Flyte FlyteAdmin versions prior to 1.1.44, which stems from the fact that users who enable the...

CVSS 5.3 | AI score 6.2 | EPSS 0.00413
Exploits 0 | References 3

RedHat Linux
added 2021/02/01 1:46 p.m. | 6 views

keycloak: Default Client configuration is vulnerable to SSRF using "request_uri" parameter

A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack...

CVSS 5.3 | AI score 5.8 | EPSS 0.92282
Exploits 5 | References 4