Lucene search
K

24 matches found

CVE
CVE
added 2 days ago10 views

CVE-2026-15320

CVE-2026-15320 affects Sipeed PicoClaw software up to version 0.2.9. The vulnerability targets the function rt.ReloadConfig in the file pkg/channels/pico/pico.go, where manipulation of the message.send argument can bypass authorization. This potentially allows a remote attacker to trigger the iss...

5.5CVSS5.9AI score0.00234EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/22 8:18 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the handler/router.go process. An attacker can access arbitrary files on the host filesystem by sending requests with percent-encoded backslashes %5C that bypass path sanitization. Details A Directory Traversal...

8.7CVSS6.5AI score0.00408EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.11 views

SUSE CVE-2026-10722

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...

5.5CVSS4.9AI score0.00179EPSS
Exploits1References3
NVD
NVD
added 2026/06/03 1:16 p.m.9 views

CVE-2026-10722

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...

5.5CVSS0.00179EPSS
Exploits1References9
NVD
NVD
added 2026/06/01 3:16 p.m.16 views

CVE-2026-10264

A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly...

5.1CVSS0.00265EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/01 2:15 p.m.10 views

CVE-2026-10264 lharries whatsapp-mcp Send API Endpoint main.go SendMessageRequest path traversal

A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly...

5.1CVSS5.3AI score0.00265EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/23 1:44 p.m.12 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds in the PDUSessionResourceModifyIndication function of the file handler.go. An attacker can cause memory corruption by sending specially crafted requests to the affected process. Remediation Upgrade...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/23 1:44 p.m.11 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds in the PDUSessionResourceModifyIndication function of the file handler.go. An attacker can cause memory corruption by sending specially crafted requests to the affected process. Remediation Upgrade...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
OSV
OSV
added 2026/04/03 9:58 p.m.1 views

GHSA-6QCC-6Q27-WHP8 goshs: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)

Summary deleteFile missing return after path traversal check | httpserver/handler.go:645-671 The finding affects the default configuration, no flags or authentication required. Details File: httpserver/handler.go:645-671 Trigger: GET /?delete handler.go:157-160 dispatches to deleteFile The functi...

9.8CVSS6.1AI score0.00683EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2025/12/08 12:22 a.m.7 views

SUSE CVE-2025-65516

A stored cross-site scripting XSS vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...

6.1CVSS5.9AI score0.0019EPSS
Exploits0References3
CVE
CVE
added 2025/12/04 12:0 a.m.16 views

CVE-2025-65516

Summary: CVE-2025-65516 is a stored XSS affecting Seafile Community Edition before 13.0.12 when using the Golang file server. An attacker can upload a crafted SVG containing malicious JavaScript and share it via a public link; opening that link triggers script execution in the victim’s browser. A...

6.1CVSS5.5AI score0.0019EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/13 6:31 p.m.6 views

OliveTin OS Command Injection vulnerability

OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go...

6.5CVSS7.6AI score0.013EPSS
Exploits2References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-43970

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36...

5.3CVSS4.7AI score0.00356EPSS
Exploits0References2
Snyk
Snyk
added 2025/07/12 7:42 a.m.4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the SplitRTR function in the rtr.go file, which allows access to data without checking the input length. An attacker can cause a denial of service by sending specially crafted input. Remediation Upgrade...

6.3CVSS4.5AI score0.00406EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/03 12:0 a.m.3 views

trojan 安全漏洞

trojan is a multi-user administration and deployment program by Jrohy Individual Developer, supporting web page administration. A security vulnerability exists in trojan 2.15.3 and earlier, which is caused by an os command injection due to a mishandling of the c parameter in the...

8.1CVSS5.9AI score0.02937EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/22 11:27 p.m.4 views

CVE-2022-3939

A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely...

9.8CVSS9.1AI score0.00558EPSS
Exploits0References1
OSV
OSV
added 2025/03/21 1:15 p.m.5 views

CVE-2025-2589

A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file \handler\Account.go. The manipulation of the argument usercookie leads to improper authorization. The exploit has been disclosed to the...

9.8CVSS5.5AI score0.00429EPSS
Exploits1References5
OSV
OSV
added 2023/09/05 4:15 a.m.3 views

DEBIAN-CVE-2023-36308

disintegration Imaging 1.6.2 allows attackers to cause a panic because of an integer index out of range during a Grayscale call via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequenc...

5.5CVSS5.7AI score0.00354EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/08/22 12:0 a.m.6 views

etcd 缓冲区错误漏洞

etcd is a key-value storage system for distributed systems written in the Go language. A buffer error vulnerability exists in etcd version v3.5.4, which originated from allowing remote attackers to cause a denial of service via the PageWriter.write function in pagewriter.go...

7.5CVSS7.7AI score0.01314EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/12/22 12:0 a.m.7 views

PT-2022-9020 · Unknown · Destiny.Gg Chat

Name of the Vulnerable Software and Affected Versions: destiny.gg chat affected versions not specified Description: A vulnerability was found in the destiny.gg chat, affecting the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery, and the attack...

8.8CVSS6.8AI score0.00343EPSS
Exploits0References10
Rows per page
Query Builder