Lucene search
K

389 matches found

NVD
NVD
added 5 days ago5 views

CVE-2026-53624

Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol for https instead of c.Scheme. This issue is fixe...

4.8CVSS0.00207EPSS
Exploits0References4
NVD
NVD
added 5 days ago5 views

CVE-2026-45045

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add instead of Header.Set when injecting X-Real-IP, allowing an attacker-supplied first X-Real-IP value to be forwarded to upstream serve...

5.3CVSS0.00455EPSS
Exploits0References7
NVD
NVD
added 5 days ago5 views

CVE-2026-44332

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash comparison for non-existent usernames, enabling reliable remote username...

5.3CVSS0.00516EPSS
Exploits0References4
CVE
CVE
added 5 days ago21 views

CVE-2026-44332

Fiber’s Go-based web framework vulnerability CVE-2026-44332 affects the BasicAuth middleware’s default Authorizer prior to v3.3.0. The issue arises from short-circuit evaluation in the Authorizer: for non-existent usernames, the password hash check is skipped, enabling remote username enumeration...

5.3CVSS6AI score0.00516EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago41 views

CVE-2026-44332 Fiber: Username Enumeration via Timing Oracle in BasicAuth Default Authorizer

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash comparison for non-existent usernames, enabling reliable remote username...

5.3CVSS0.00516EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-53624 Fiber: HSTS header never set in helmet middleware due to incorrect protocol check

Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol for https instead of c.Scheme. This issue is fixe...

4.8CVSS0.00207EPSS
Exploits0References4
CVE
CVE
added 5 days ago8 views

CVE-2026-53624

CVE-2026-53624 (Fiber Go) : The helmet middleware fails to set the Strict-Transport-Security header before version 3.4.0 because it checks c.Protocol() for

4.8CVSS6AI score0.00207EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-45045 Fiber: X-Real-IP Spoofing via Header.Add() in BalancerForward

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add instead of Header.Set when injecting X-Real-IP, allowing an attacker-supplied first X-Real-IP value to be forwarded to upstream serve...

5.3CVSS0.00455EPSS
Exploits0References7
Snyk
Snyk
added 2026/07/02 1:46 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the Authorizer function. An attacker can determine valid usernames by measuring the response time difference between valid and invalid usernames during authentication attempts. Remediation There is no fixed...

6.9CVSS6AI score0.00516EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55274

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 3.3.0 Description The default Authorizer function in the BasicAuth middleware, located in middleware/basicauth/config.go, uses short-circuit evaluation when validating credentials. If a username does not exist, the syst...

5.3CVSS6AI score0.00516EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-53232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: phy: clean the sfp upstream if phy probing fails Sashiko reported that we don't call sfpbusdelupstream in the probe failure path, so let's add it, otherwis...

8.8CVSS6.1AI score0.00221EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.7 views

CVE-2026-53231

In the Linux kernel, the following vulnerability has been resolved: net: phy: don't try to setup PHY-driven SFP cages when using genphy We don't have support for PHY-driver SFP cages with the genphy code. On top of that, it was found by sashiko that running sfpbusaddupstream for genphy deadlocks,...

5.8AI score0.00087EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/06 4:6 a.m.8 views

MINI-CFRP-XMVC-WV5V

Bulletin has no description...

7.5CVSS5.2AI score0.00939EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.10 views

CVE-2026-42554

A flaw was found in Fiber, a web framework for Go. A remote attacker can exploit a Cross-Site Scripting XSS vulnerability by manipulating the Accept header to text/html when a request handler uses the AutoFormat feature with attacker-controlled data. This allows the attacker to inject arbitrary...

6.1CVSS5.3AI score0.00212EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

GX Group Earth 2022 ONT 操作系统命令注入漏洞

GX Group Earth 2022 ONT is an FTTH optical network terminal device developed by the Turkish company GX Group. The GX Group Earth 2022 ONT has a vulnerability related to operating system command injection. This vulnerability arises from improper handling of user input by multiple diagnostic...

8.7CVSS6.1AI score0.00388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/01 5:59 p.m.16 views

CVE-2026-10268

A flaw was found in janet-lang janet. A local attacker can trigger an integer overflow in the unmarshalonefiber function. This vulnerability could lead to a denial of service DoS, making the application unavailable to legitimate users...

4.8CVSS5.8AI score0.0012EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 5:16 p.m.13 views

CVE-2026-10268

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...

4.8CVSS0.0012EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/01 3:0 p.m.12 views

CVE-2026-10268 janet-lang janet marsh.c unmarshal_one_fiber integer overflow

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...

4.8CVSS5.5AI score0.0012EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/01 3:0 p.m.13 views

EUVD-2026-33681

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...

4.8CVSS5.5AI score0.0012EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/01 3:0 p.m.34 views

CVE-2026-10268 janet-lang janet marsh.c unmarshal_one_fiber integer overflow

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...

4.8CVSS0.0012EPSS
Exploits0References8
Rows per page
Query Builder