MINI-CFRP-XMVC-WV5V

Bulletin has no description...

CVE-2026-42554

A flaw was found in Fiber, a web framework for Go. A remote attacker can exploit a Cross-Site Scripting XSS vulnerability by manipulating the Accept header to text/html when a request handler uses the AutoFormat feature with attacker-controlled data. This allows the attacker to inject arbitrary...

GX Group Earth 2022 ONT 操作系统命令注入漏洞

GX Group Earth 2022 ONT is an FTTH optical network terminal device developed by the Turkish company GX Group. The GX Group Earth 2022 ONT has a vulnerability related to operating system command injection. This vulnerability arises from improper handling of user input by multiple diagnostic...

CVE-2026-10268

A flaw was found in janet-lang janet. A local attacker can trigger an integer overflow in the unmarshalonefiber function. This vulnerability could lead to a denial of service DoS, making the application unavailable to legitimate users...

CVE-2026-10268

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...

CVE-2026-10268

The CVE affects janet-lang Janet up to 1.41.0, specifically the unmarshal_one_fiber function in src/core/marsh.c. A manipulation can cause an integer overflow, with local-host exploitation possible. A public PoC exists, and the patch d9b1d711ea1fde52ac73a82088b512a3e17bad0d provides remediation. ...

CVE-2026-10268 janet-lang janet marsh.c unmarshal_one_fiber integer overflow

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...

CVE-2026-10268 janet-lang janet marsh.c unmarshal_one_fiber integer overflow

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...

EUVD-2026-33681

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...

Janet 输入验证错误漏洞

Janet is a functional and imperative programming language and bytecode interpreter developed by Janet Language. Versions of Janet prior to 1.41.0 had a vulnerability related to input validation errors. This vulnerability stemmed from incorrect operations in the function unmarshalonefiber found in...

MINI-CFRP-M7V5-XJ48

Bulletin has no description...

CVE-2026-42554

Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. The...

CVE-2026-42554 Fiber: XSS in AutoFormat Content Negotiation

Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. The...

CVE-2026-42554

Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. The...

CVE-2026-42554 Fiber: XSS in AutoFormat Content Negotiation

Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. The...

CVE-2026-42554

CVE-2026-42554 describes an XSS in Fiber’s AutoFormat content negotiation. Affected: GoFiber/v3 up to 3.1.0 and GoFiber/v2 up to 2.52.12. Root cause: the html branch of AutoFormat can emit raw, attacker-influenced data wrapped in HTML when the client sends Accept: text/html, enabling injection of...

MINI-FRP8-4V6P-6WP3

Bulletin has no description...

Fiber 跨站脚本漏洞

Fiber is an open-source web framework written in Go. Versions of Fiber prior to 2.52.12 and 3.1.0 contain a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting, allowing remote attackers to inject arbitrary HTML/JavaScript into any request by providing Accept:...

Cross-site Scripting (XSS)

Overview github.com/gofiber/fiber is an Express inspired web framework written in Go. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the AutoFormat process. An attacker can inject arbitrary HTML or JavaScript by supplying a crafted Accept: text/html header and...

Cross-site Scripting (XSS)

Overview github.com/gofiber/fiber/v3 is an Express inspired web framework written in Go. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the AutoFormat process. An attacker can inject arbitrary HTML or JavaScript by supplying a crafted Accept: text/html header and...