4 matches found
CVE-2026-26958
filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If Point.MultiScalarMult i...
GHSA-82FF-HG59-8X73 github.com/gorilla/csrf improperly validates TrustedOrigins allowing CSRF attacks
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to improper validation of the TrustedOrigins header which was introduced by the fix for CVE-2025-24358. An attacker can perform unauthorized actions on behalf of authenticated users by submitting...
Arbitrary Code Execution (ACE)
filippo.io/age is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to improper validation or sanitization of plugin names, identities, or recipients, allows malicious input to be introduced and will execute arbitrary code or binaries...