39 matches found
CVE-2026-48126
Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain or --letsencrypt, which silently turns on --domain at engine/flags.go:372, the request handler resolves the served directory by joining the configured --dir with the value of the...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the Host header when the server is running in --domain mode. An attacker can access files and execute Lua scripts from the parent directory by supplying a specially crafted Host header value. Details: A Directory...
CVE-2026-48126
Algernon, a small self-contained pure-Go web server, is vulnerable prior to version 1.17.8 when started with --domain (or --letsencrypt). The request handler resolves the served directory by joining the configured --dir with the client-supplied Host header using filepath.Join without validation, ...
CVE-2026-48126 Algernon: Host header path traversal in --domain mode reads files and runs Lua from parent dir
Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain or --letsencrypt, which silently turns on --domain at engine/flags.go:372, the request handler resolves the served directory by joining the configured --dir with the value of the...
PT-2026-43308
Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain or --letsencrypt, which silently turns on --domain at engine/flags.go:372, the request handler resolves the served directory by joining the configured --dir with the value of the...
EUVD-2021-1193
Malware in sbrugna...
wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where the host-controller tries to reconnect in a loop, generating new connections that are not properly closed while unable to connect to the domain controller. This flaw allows an attacker to cause an Out of memory (OOM)...
kernel: iommu/amd: Fix I/O page table memory leak
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix I/O page table memory leak. The current logic updates the I/O page table mode for the domain before calling the logic to free memory used for the page table. This results in IOMMU page table memory leak, and can be...
wildfly: XSS via admin console when creating roles in domain mode
A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting (XSS) attack. The highest threat from this vulnerability is to confidentiality and integrity...
GHSA-V2WX-JJ66-2HP7 Cross-site Scripting in Wildfly
A flaw was found in Wildfly in versions before 23.0.2.Final: while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity...
PT-2021-20899 · Red Hat · Wildfly
Name of the Vulnerable Software and Affected Versions: Wildfly versions prior to 23.0.2.Final. Description: A flaw was found in Wildfly while creating a new role in domain mode via the admin console, allowing a payload to be added in the name field, leading to XSS. This affects Confidentiality and...