Lucene search
K

387 matches found

OSV
OSV
added 2026/05/20 3:55 p.m.4 views

MINI-CFRP-M7V5-XJ48

Bulletin has no description...

5.7AI score0.00037EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83869: fix memory corruption when enabling fiber When configuring the fiber port, the DP83869 PHY driver incorrectly calls linkmodesetbit with a bit mask 1 10 rather than a specific bit number 10. This causes memory...

5.5CVSS6.2AI score0.00217EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed null ndlp pointer dereferencing in an abnormal exit path for GFTID An error case resulting from exiting from lpfccmplctcmdgftid causes a call to lpfcnlpput, where a null pointer is used to reference the nodelist...

5.5CVSS5.2AI score0.00143EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 11:19 p.m.15 views

CVE-2026-42554

Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. The...

6.1CVSS0.00212EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/11 9:47 p.m.7 views

CVE-2026-42554 Fiber: XSS in AutoFormat Content Negotiation

Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. The...

5.3CVSS6AI score0.00212EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 9:47 p.m.8 views

CVE-2026-42554

Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. The...

5.3CVSS6AI score0.00212EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/11 9:47 p.m.40 views

CVE-2026-42554 Fiber: XSS in AutoFormat Content Negotiation

Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. The...

5.3CVSS0.00212EPSS
Exploits1References1
CVE
CVE
added 2026/05/11 9:47 p.m.23 views

CVE-2026-42554

CVE-2026-42554 describes an XSS in Fiber’s AutoFormat content negotiation. Affected: GoFiber/v3 up to 3.1.0 and GoFiber/v2 up to 2.52.12. Root cause: the html branch of AutoFormat can emit raw, attacker-influenced data wrapped in HTML when the client sends Accept: text/html, enabling injection of...

6.1CVSS6AI score0.00212EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/11 6:47 p.m.7 views

MINI-FRP8-4V6P-6WP3

Bulletin has no description...

7.5CVSS5.7AI score0.00588EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Fiber 跨站脚本漏洞

Fiber is an open-source web framework written in Go. Versions of Fiber prior to 2.52.12 and 3.1.0 contain a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting, allowing remote attackers to inject arbitrary HTML/JavaScript into any request by providing Accept:...

6.1CVSS5.8AI score0.00212EPSS
Exploits1References1
OSV
OSV
added 2026/05/05 8:13 p.m.6 views

GHSA-QJV7-627W-8QJV Fiber vulnerable to XSS in AutoFormat Content Negotiation

Summary Description A Cross-Site Scripting CWE-79 vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. This affects github.com/gofiber/fiber/v3...

5.3CVSS6AI score0.00212EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/05 8:13 p.m.8 views

Cross-site Scripting (XSS)

Overview github.com/gofiber/fiber/v2 is an Express inspired web framework written in Go. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the AutoFormat process. An attacker can inject arbitrary HTML or JavaScript by supplying a crafted Accept: text/html header and...

6.1CVSS6AI score0.00212EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/05 8:13 p.m.7 views

Cross-site Scripting (XSS)

Overview github.com/gofiber/fiber/v3 is an Express inspired web framework written in Go. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the AutoFormat process. An attacker can inject arbitrary HTML or JavaScript by supplying a crafted Accept: text/html header and...

6.1CVSS6AI score0.00212EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/05 8:13 p.m.7 views

Cross-site Scripting (XSS)

Overview github.com/gofiber/fiber is an Express inspired web framework written in Go. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the AutoFormat process. An attacker can inject arbitrary HTML or JavaScript by supplying a crafted Accept: text/html header and...

6.1CVSS6AI score0.00212EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/05 8:13 p.m.15 views

Fiber vulnerable to XSS in AutoFormat Content Negotiation

Summary Description A Cross-Site Scripting CWE-79 vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. This affects github.com/gofiber/fiber/v3...

6.1CVSS6AI score0.00212EPSS
Exploits1References3Affected Software2
NVD
NVD
added 2026/05/05 1:16 p.m.19 views

CVE-2026-30246

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...

6.5CVSS0.00251EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/05 12:40 p.m.43 views

CVE-2026-30246 github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...

6.5CVSS0.00251EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:40 p.m.7 views

CVE-2026-30246

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...

6.5CVSS5.8AI score0.00251EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/05/05 12:40 p.m.8 views

EUVD-2026-27313

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...

6.5CVSS5.8AI score0.00251EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/05 12:40 p.m.5 views

CVE-2026-30246 github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...

6.5CVSS5.8AI score0.00251EPSS
Exploits1References3
Rows per page
Query Builder