21 matches found
CVE-2026-10722
A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...
CVE-2026-10264
A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly...
Out-of-Bounds
Overview: Affected versions of this package are vulnerable to Out-of-Bounds in the PDUSessionResourceModifyIndication function of the file handler.go. An attacker can cause memory corruption by sending specially crafted requests to the affected process. Remediation: Upgrade...
GHSA-6QCC-6Q27-WHP8 goshs: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
Summary: deleteFile missing return after path traversal check | httpserver/handler.go:645-671. The finding affects the default configuration; no flags or authentication required. Details: File: httpserver/handler.go:645-671. Trigger: GET /?delete (handler.go:157-160 dispatches to deleteFile). The functi...
SUSE CVE-2025-65516
A stored cross-site scripting (XSS) vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...
CVE-2025-65516
Summary: CVE-2025-65516 is a stored XSS affecting Seafile Community Edition before 13.0.12 when using the Golang file server. An attacker can upload a crafted SVG containing malicious JavaScript and share it via a public link; opening that link triggers script execution in the victim’s browser. A...
OliveTin OS Command Injection vulnerability
OS Command Injection in OliveTin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go...
Linux Distros Unpatched Vulnerability : CVE-2025-43970
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the SplitRTR function in the rtr.go file, which allows access to data without checking the input length. An attacker can cause a denial of service by sending specially crafted input. Remediation: Upgrade...
trojan security vulnerability
trojan is a multi-user administration and deployment program by individual developer Jrohy, with support for web-based administration. A security vulnerability exists in trojan 2.15.3 and earlier, caused by OS command injection due to mishandling of the c parameter in the...
CVE-2022-3939
A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely...
CVE-2025-2589
A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file \handler\Account.go. The manipulation of the argument usercookie leads to improper authorization. The exploit has been disclosed to the...
DEBIAN-CVE-2023-36308
disintegration Imaging 1.6.2 allows attackers to cause a panic because of an integer index out of range during a Grayscale call via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequenc...
etcd buffer error vulnerability
etcd is a key-value storage system for distributed systems, written in the Go language. A buffer error vulnerability exists in etcd v3.5.4 that allows remote attackers to cause a denial of service via the PageWriter.write function in pagewriter.go...
PT-2022-9020 · Unknown · Destiny.Gg Chat
Name of the Vulnerable Software and Affected Versions: destiny.gg chat (affected versions not specified). Description: A vulnerability was found in the destiny.gg chat, affecting the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery, and the attack...
PT-2022-19706 · Unknown · Kardianos Service Package
Name of the Vulnerable Software and Affected Versions: kardianos service package for Go (affected versions not specified). Description: The issue is related to the service windows.go file in the kardianos service package for Go, which omits quoting that is sometimes needed for the execution of a...
ShopsN open source mall system: SQL injection vulnerability in the In***::go*** file
ShopsN open source mall system is a product of Shanghai Yiso Network Technology Co., Ltd.: an enterprise-class, commercial-standard, full-featured open source online store system that allows free commercial use. In the In::go file of the ShopsN open source mall system there is a SQL injection...
AbiWord Parameter Injection Vulnerability
AbiWord is a free word processing program similar to Microsoft Word for a variety of word processing tasks. A security vulnerability exists in the af/util/xp/utgofile.cpp file in AbiWord version 3.0.2-2, which originates from the program not validating strings before starting the program. A remot...