939 matches found
GHSA-V359-JJ2V-J536 vLLM has SSRF Protection Bypass
Summary The SSRF protection fix for https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc can be bypassed in the loadfromurlasync method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. Affected Component - File:...
GHSA-MJQR-5C55-G77H @perfood/couch-auth has an Observable Timing Discrepancy
An Observable Timing Discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel...
@perfood/couch-auth has an Observable Timing Discrepancy
An Observable Timing Discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel...
CVE-2025-70949
An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel...
SUSE-SU-2026:0790-1 Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues: Update to version 1.25.7. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated...
cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...
cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...
cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...
CVE-2026-26744
A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are...
PT-2026-20941
Name of the Vulnerable Software and Affected Versions FormaLMS versions 4.1.18 and below Description A flaw exists in the password recovery functionality of FormaLMS that allows for user enumeration. An unauthenticated attacker can determine valid registered usernames by observing differing error...
CVE-2026-26744
FormaLMS is affected version 4.1.18 and earlier. A user enumeration flaw exists in the password recovery endpoint (/lostpwd) where responses differ between valid and invalid usernames, allowing unauthenticated attackers to determine registered usernames. Impact is limited to information disclosur...
GHSA-C4QC-4Q9P-M9Q9 Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability
Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...
Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability
Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...
UBUNTU-CVE-2026-23901
Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...
CVE-2026-23901
Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...
BIT-GOLANG-2025-61732 Potential code smuggling via doc comments in cmd/cgo
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
SUSE CVE-2025-61732
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
CVE-2025-61732
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
EUVD-2025-206866
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
HTTP Request Smuggling
Overview std/cmd/cgo is a Go standard library package std/cmd/cgo Affected versions of this package are vulnerable to HTTP Request Smuggling. Go Vulnerability Report: A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. Remediation...