CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

250 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в golang-github-gin-gonic-gin

This affects all versions of the package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client’s IP address can be spoofed by setting the X-Forwarded-For header...

7.1CVSS7AI score0.0036EPSS

Exploits0References1

GithubExploit•added 2026/05/20 5:45 a.m.•66 views

Exploit for Download of Code Without Integrity Check in Gin-Gonic Gin

gin-vulnerable Demo consumer pinned to github.c...

4.3CVSS6.1AI score0.00432EPSS

Exploits2

Github Security Blog•added 2026/04/22 7:49 p.m.•4 views

free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service

Summary A memory leak vulnerability in the free5GC PCF Policy Control Function allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The root cause is a router.Use call inside an...

7.5CVSS5.8AI score0.00048EPSS

Exploits1References3Affected Software1

OSV•added 2026/04/22 7:49 p.m.•2 views

GHSA-98CP-84M9-Q3QP free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service

7.5CVSS5.8AI score0.00048EPSS

Exploits1References3

Vulnrichment•added 2026/04/21 11:49 p.m.•1 views

CVE-2026-41135 free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service

free5GC UDR is the Policy Control Function PCF for free5GC, an an open-source project for 5th generation 5G mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory...

7.5CVSS5.7AI score0.00048EPSS

Exploits1References2

Veracode•added 2026/04/16 7:54 a.m.•2 views

Improper Access Control

github.com/1panel-dev/1panel is vulnerable to improper access control. The vulnerability is due to trusting all proxy IPs in Gin’s default configuration, which allows an attacker to spoof the X-Forwarded-For header and bypass IP-based security controls...

6.5CVSS7.2AI score0.00043EPSS

Exploits0References2Affected Software1

Veracode•added 2026/04/16 7:35 a.m.•4 views

Arbitrary File Deletion

Gin-vue-admin is vulnerable to arbitrary file deletion. The vulnerability is due to improper validation of the FileMd5 parameter, which allows an attacker to manipulate file paths and delete arbitrary files or folders on the server...

9.1CVSS5.9AI score0.00149EPSS

Exploits1References2Affected Software1

Github Security Blog•added 2026/03/01 1:22 a.m.•3 views

INSATutorat has an authorization bypass vulnerability in its /api/admin/* endpoints

Impact An authorization bypass vulnerability was discovered in the administration pages of the tutoring application. When a standard user logged in but without administrator privileges attempts to access a resource under /api/admin/, the system detects the error but does not block the request. As...

6AI score

Exploits0References3Affected Software1

OSV•added 2026/03/01 1:22 a.m.•1 views

GHSA-XFX2-PRG5-JQ3G INSATutorat has an authorization bypass vulnerability in its /api/admin/* endpoints

8.7CVSS6AI score

Exploits0References3

IBM Security Bulletins•added 2026/01/30 9:14 a.m.•3 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Path Traversal vulnerability due to github.com/gin-gonic/gin

Summary github.com/gin-gonic/gin is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime-manager Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM watson...

5.9AI score

Exploits0Affected Software1

SUSE CVE•added 2026/01/27 12:27 a.m.•2 views

SUSE CVE-2026-22786

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. In the breakpointcontinue.go file, the MakeFile function accepts a fileName...

8.6CVSS5.9AI score0.00655EPSS

Exploits1References2

OSV•added 2026/01/23 2:28 a.m.•2 views

GO-2026-4313 Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal in github.com/flipped-aurora/gin-vue-admin

Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal in github.com/flipped-aurora/gin-vue-admin...

8.6CVSS5.6AI score0.00655EPSS

Exploits1References3

RedhatCVE•added 2026/01/13 10:52 p.m.•1 views

CVE-2026-22786

8.6CVSS7AI score0.00655EPSS

Exploits1References1

OSV•added 2026/01/13 7:15 p.m.•1 views

GHSA-3558-J79F-VVM6 Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal

Impact Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. Path traversal vulnerabilities occur when a web application accepts user-supplied file paths without proper validation, allowing attacker...

8.6CVSS7.5AI score0.00655EPSS

Exploits1References4

Github Security Blog•added 2026/01/13 7:15 p.m.•10 views

Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal

8.6CVSS7.6AI score0.00655EPSS

Exploits1References4Affected Software1