Lucene search
K

4 matches found

UbuntuCve
UbuntuCve
added 2026/02/19 11:16 p.m.8 views

CVE-2026-26958

filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If Point.MultiScalarMult i...

6.3CVSS6.9AI score0.00366EPSS
Exploits0References2
OSV
OSV
added 2025/08/29 8:23 p.m.4 views

GHSA-82FF-HG59-8X73 github.com/gorilla/csrf improperly validates TrustedOrigins allowing CSRF attacks

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

6.9CVSS6.9AI score0.00159EPSS
Exploits0References4
Snyk
Snyk
added 2025/08/29 4:43 p.m.2 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to improper validation of the TrustedOrigins header which was introduced by the fix for CVE-2025-24358. An attacker can perform unauthorized actions on behalf of authenticated users by submitting...

8.8CVSS6.7AI score0.00347EPSS
Exploits0References3
Veracode
Veracode
added 2025/01/02 7:51 a.m.5 views

Arbitrary Code Execution (ACE)

filippo.io/age is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to improper validation or sanitization of plugin names, identities, or recipients, allows malicious input to be introduced and will execute arbitrary code or binaries...

8.2AI score
Exploits0
Rows per page
Query Builder