CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4121 matches found

CVE•added 2026/05/14 3:32 p.m.•10 views

CVE-2026-42594

Gotenberg CVE-2026-42594 describes an unauthenticated denial of service caused by reuse of echo.Context in the webhook async flow. Prior to 8.32.0, a goroutine holds a reference to the request context after ErrAsyncProcess, and Echo recycles the context to a pool. If a concurrent request reuses t...

7.5CVSS5.8AI score0.00016EPSS

Exploits1References1Affected Software1

Github Security Blog•added 2026/05/14 3:31 p.m.•4 views

podinfo: cross-site scripting vulnerability in the /echo and /api/echo endpoints

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...

6.1CVSS5.7AI score0.00032EPSS

Exploits2References8Affected Software1

OSV•added 2026/05/14 3:31 p.m.•1 views

GHSA-Q23M-VM9R-5745 podinfo: cross-site scripting vulnerability in the /echo and /api/echo endpoints

5.4CVSS5.7AI score0.00032EPSS

Exploits2References8

OSV•added 2026/05/14 3:0 p.m.•3 views

ECHO-C2CF-7660-2DC1

Bulletin has no description...

9.2CVSS5.9AI score0.00288EPSS

Exploits35References4

OSV•added 2026/05/14 3:0 p.m.•0 views

ECHO-CBFE-5521-46AA

Bulletin has no description...

6.3CVSS5.9AI score0.00044EPSS

Exploits0References3

OSV•added 2026/05/14 3:0 p.m.•2 views

ECHO-B094-3180-9B8A

Bulletin has no description...

6.9CVSS5.7AI score0.00017EPSS

Exploits0References3

OSV•added 2026/05/14 3:0 p.m.•2 views

ECHO-0618-45A8-483A

Bulletin has no description...

6.3CVSS5.7AI score0.00044EPSS

Exploits0References3

NVD•added 2026/05/14 1:16 p.m.•7 views

CVE-2026-43644

6.1CVSS0.00032EPSS

Exploits2References3

CVE•added 2026/05/14 12:37 p.m.•10 views

CVE-2026-43644

CVE-2026-43644 affects podinfo up to version 6.11.2. The vulnerability is a reflected XSS in the /echo and /api/echo endpoints, caused by the echoHandler writing the request body to the response without setting explicit Content-Type or X-Content-Type-Options headers. Go’s content-type detection m...

6.1CVSS5.7AI score0.00032EPSS

Exploits2References3Affected Software1

EUVD•added 2026/05/14 12:37 p.m.•7 views

EUVD-2026-30275

5.4CVSS5.7AI score0.00032EPSS

Exploits2References3

ATTACKERKB•added 2026/05/14 12:37 p.m.•5 views

CVE-2026-43644

5.4CVSS5.7AI score0.00032EPSS

Exploits2References4

Vulnrichment•added 2026/05/14 12:37 p.m.•5 views

CVE-2026-43644 podinfo 6.11.2 Reflected XSS via /echo Endpoint

5.4CVSS5.7AI score0.00032EPSS

Exploits2References3

Cvelist•added 2026/05/14 12:37 p.m.•34 views

CVE-2026-43644 podinfo 6.11.2 Reflected XSS via /echo Endpoint

5.4CVSS0.00032EPSS

Exploits2References3

CNNVD•added 2026/05/14 12:0 a.m.•7 views

podinfo 跨站脚本漏洞

Podinfo is a Kubernetes microservice template developed by Stefan Prodan. Versions of Podinfo 6.11.2 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the echoHandler did not set a clear Content-Type or X-Content-Type-Options header on the...

6.1CVSS5.8AI score0.00032EPSS

Exploits2References1

Positive Technologies•added 2026/05/14 12:0 a.m.•6 views

PT-2026-40911

Name of the Vulnerable Software and Affected Versions podinfo versions prior to 6.11.3 Description A reflected cross-site scripting issue exists in the '/echo' and '/api/echo' endpoints. The echoHandler function writes request body content directly to the response without setting explicit...

6.1CVSS5.7AI score0.00032EPSS

Exploits2References11

OSV•added 2026/05/13 6:25 p.m.•1 views

ECHO-DAD7-435C-45C4

Bulletin has no description...

6.6CVSS5.7AI score0.00004EPSS

Exploits1References5

OSV•added 2026/05/13 6:25 p.m.•2 views

ECHO-086C-FDA2-1A2A

Bulletin has no description...

4.4CVSS5.7AI score0.00224EPSS

Exploits0References5