Lucene search
K

13 matches found

RedHat Linux
RedHat Linux
added 2026/06/29 2:40 p.m.15 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.10

Red Hat OpenShift Service Mesh 3.1.10 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh...

7.5CVSS6.8AI score0.00813EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/26 4:15 p.m.8 views

CVE-2026-55677

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

7.5CVSS5.8AI score0.0043EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Iris 安全漏洞

Iris is an open-source fast, simple, yet fully functional and highly efficient Go web framework developed by DFIR-IRIS. Versions of Iris prior to 2.4.28 contained security vulnerabilities, which were caused by improper file upload validation. These vulnerabilities could lead to the hosting of...

6.3CVSS5AI score0.00175EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Iris 安全漏洞

Iris is an open-source fast, simple, yet fully functional and highly efficient Go web framework developed by DFIR-IRIS. Versions of Iris prior to 2.4.28 contained security vulnerabilities, which were due to the possibility of redirecting users to malicious websites through abuse...

4.7CVSS5.3AI score0.00174EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.25 views

PT-2026-43298

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn in lua/upload/upload.go uses filepath.Join with the caller-supplied directory but performs no boundary check after joining. A directory of ../../../tmp resolves cleanly to /tmp, outside the web root. This...

8.7CVSS5.8AI score0.00344EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/25 3:7 p.m.3 views

Malicious code in notificare-go-web (npm)

The package notificare-go-web was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/09/25 3:7 p.m.2 views

MAL-2025-47592 Malicious code in notificare-go-web (npm)

The package notificare-go-web was found to contain malicious code...

7AI score
Exploits0
NVD
NVD
added 2025/04/15 7:16 p.m.14 views

CVE-2025-24358

gorilla/csrf provides Cross Site Request Forgery CSRF prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes...

6CVSS0.00347EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/15 6:57 p.m.10 views

CVE-2025-24358 gorilla/csrf CSRF vulnerability due to broken Referer validation

gorilla/csrf provides Cross Site Request Forgery CSRF prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes...

6CVSS6.3AI score0.00347EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/15 6:57 p.m.20 views

CVE-2025-24358 gorilla/csrf CSRF vulnerability due to broken Referer validation

gorilla/csrf provides Cross Site Request Forgery CSRF prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes...

6CVSS0.00347EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/07/29 12:19 a.m.3 views

golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...

6.5CVSS7.4AI score0.01165EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 5:15 a.m.4 views

SUSE CVE-2015-5741

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...

9.8CVSS9.2AI score0.02704EPSS
Exploits0References3
OSV
OSV
added 2022/08/10 8:15 p.m.8 views

UBUNTU-CVE-2022-32148

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the...

6.5CVSS6.7AI score0.01103EPSS
Exploits1References5
Rows per page
Query Builder