Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2 matches found

Vulnrichment
Vulnrichmentadded 2026/05/06 4:20 p.m.3 views

CVE-2026-42503 Accidental binding to INADDR_ANY might lead to RCE in golang.org/x/tools/gopls

gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...

6AI score0.00026EPSS
Exploits0References2
CVE
CVEadded 2026/05/06 4:20 p.m.8 views

CVE-2026-42503

The CVE-2026-42503 issue affects gopls (golang.org/x/tools/gopls). When -listen (or -port) is used without an explicit host, gopls binds to 0.0.0.0, potentially allowing a malicious party on the same network to execute arbitrary code. This is described in the NVD entry and corroborated by multipl...

8.8CVSS6AI score0.00026EPSS
Exploits0References2
Rows per page
Query Builder