Lucene search
K

939 matches found

OSV
OSV
added 2026/03/09 7:55 p.m.3 views

GHSA-V359-JJ2V-J536 vLLM has SSRF Protection Bypass

Summary The SSRF protection fix for https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc can be bypassed in the loadfromurlasync method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. Affected Component - File:...

5.4CVSS5.9AI score0.00485EPSS
Exploits1References6
OSV
OSV
added 2026/03/05 9:30 p.m.4 views

GHSA-MJQR-5C55-G77H @perfood/couch-auth has an Observable Timing Discrepancy

An Observable Timing Discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel...

7.5CVSS5.8AI score0.00379EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/05 9:30 p.m.7 views

@perfood/couch-auth has an Observable Timing Discrepancy

An Observable Timing Discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel...

7.5CVSS5.8AI score0.00379EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/05 9:16 p.m.7 views

CVE-2025-70949

An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel...

7.5CVSS0.00379EPSS
Exploits0References3
OSV
OSV
added 2026/03/03 3:52 p.m.2 views

SUSE-SU-2026:0790-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to version 1.25.7. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated...

10CVSS6AI score0.00765EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/03/02 1:25 a.m.6 views

cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy

A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...

8.6CVSS7.3AI score0.00472EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/03/02 1:23 a.m.5 views

cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy

A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...

8.6CVSS7.3AI score0.00472EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/03/02 1:22 a.m.7 views

cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy

A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...

8.6CVSS7.3AI score0.00472EPSS
Exploits0References8
NVD
NVD
added 2026/02/19 10:16 p.m.5 views

CVE-2026-26744

A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are...

5.3CVSS0.00293EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.6 views

PT-2026-20941

Name of the Vulnerable Software and Affected Versions FormaLMS versions 4.1.18 and below Description A flaw exists in the password recovery functionality of FormaLMS that allows for user enumeration. An unauthenticated attacker can determine valid registered usernames by observing differing error...

5.3CVSS5.5AI score0.00293EPSS
Exploits0References4
CVE
CVE
added 2026/02/19 12:0 a.m.10 views

CVE-2026-26744

FormaLMS is affected version 4.1.18 and earlier. A user enumeration flaw exists in the password recovery endpoint (/lostpwd) where responses differ between valid and invalid usernames, allowing unauthenticated attackers to determine registered usernames. Impact is limited to information disclosur...

5.3CVSS5.5AI score0.00293EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/10 12:30 p.m.8 views

GHSA-C4QC-4Q9P-M9Q9 Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

1CVSS5.6AI score0.00219EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/10 12:30 p.m.28 views

Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

2.5CVSS5.6AI score0.00219EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/10 10:15 a.m.6 views

UBUNTU-CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

2.5CVSS7.1AI score0.00219EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/10 9:25 a.m.5 views

CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

1CVSS5.6AI score0.00219EPSS
Exploits0References2
OSV
OSV
added 2026/02/10 8:48 a.m.5 views

BIT-GOLANG-2025-61732 Potential code smuggling via doc comments in cmd/cgo

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

8.6CVSS5.5AI score0.00472EPSS
Exploits0References39
SUSE CVE
SUSE CVE
added 2026/02/06 12:34 a.m.11 views

SUSE CVE-2025-61732

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

9.6CVSS5.3AI score0.00472EPSS
Exploits0References19
OSV
OSV
added 2026/02/05 4:15 a.m.6 views

CVE-2025-61732

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

8.6CVSS5.5AI score
Exploits0References4
EUVD
EUVD
added 2026/02/05 3:42 a.m.6 views

EUVD-2025-206866

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

8.6CVSS5.4AI score0.00472EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/05 3:10 a.m.4 views

HTTP Request Smuggling

Overview std/cmd/cgo is a Go standard library package std/cmd/cgo Affected versions of this package are vulnerable to HTTP Request Smuggling. Go Vulnerability Report: A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. Remediation...

9.6CVSS5.4AI score0.00472EPSS
Exploits0References3
Rows per page
Query Builder