5 matches found
CVE-2026-33252
A flaw was found in the Go MCP SDK's Streamable HTTP transport, which uses Go's standard encoding/json package. In deployments without authorization, a remote attacker can exploit this Cross-Site Request Forgery (CSRF) vulnerability. By sending browser-generated cross-site POST requests to a local...
Relative Path Traversal
Overview: Affected versions of this package are vulnerable to Relative Path Traversal via the unpack function during artifact extraction, due to the lack of header.Name validation in that function. An attacker can create or overwrite arbitrary files within system directories by supplying a...
Linux Distros Unpatched Vulnerability : CVE-2023-2848
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation. CVE-2023-2848 Not...
Linux Distros Unpatched Vulnerability : CVE-2020-20740
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PDFResurrect before 0.20, a lack of header validation checks causes a heap-buffer-overflow in pdfgetversion. CVE-2020-20740 Note that Nessus relies on the presence o...
PDFResurrect Buffer Error Vulnerability
PDFResurrect is a tool for analyzing PDF documents to help extract old "hidden" versions of a PDF from the current PDF. pdfgetversion in PDFResurrect versions prior to 0.20 has a heap buffer overflow vulnerability. The vulnerability stems from a lack of header validation checks in PDFResurrect. N...