CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/03/08 3:30 a.m.•3 views

EUVD-2026-10204

NVD•added 2026/03/08 2:16 a.m.•3 views

Exploits0References5

CVE-2026-3697

6.5CVSS0.00247EPSS

Cvelist•added 2026/03/08 1:32 a.m.•37 views

CVE-2026-3697 Planet ICG-2510 Language Package Configuration httpd sub_40C8E4 stack-based overflow

6.5CVSS0.00247EPSS

CVE•added 2026/03/08 1:32 a.m.•17 views

CVE-2026-3697

Planet ICG-2510 1.0_20250811 is affected by CVE-2026-3697. The vulnerable element is function sub_40C8E4 in /usr/sbin/httpd within the Language Package Configuration Handler. A manipulation of the Language argument can cause a stack-based buffer overflow, with the attack described as remotely exe...

Vulnrichment•added 2026/03/08 1:32 a.m.•4 views

CVE-2026-3697 Planet ICG-2510 Language Package Configuration httpd sub_40C8E4 stack-based overflow

Positive Technologies•added 2026/03/08 12:0 a.m.•5 views

PT-2026-23907

A vulnerability was determined in Planet ICG-2510 1.0 20250811. The impacted element is the function sub 40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attac...

OpenVAS•added 2025/11/12 12:0 a.m.•2 views

Exploits0References5

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2025-2358)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7CVSS6.7AI score0.00489EPSS

Exploits1References2

RedHat Linux•added 2025/06/17 3:20 p.m.•2 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00682EPSS

Exploits0References8

OSV•added 2024/11/28 5:15 p.m.•4 views

AZL-53471 CVE-2024-52338 affecting package libarrow for versions less than 15.0.0-7

Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example, user-supplied input files. This...

9.8CVSS5.9AI score0.02322EPSS

OSSF Malicious Packages•added 2024/11/27 6:19 a.m.•5 views

Malicious code in ruby-lsp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 23d59cae1de4c2853d318ad10197c82dc6f10fe194854b704b477cc20b271184 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

Microsoft CVE•added 2024/09/11 7:0 a.m.•3 views

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input this can be used as a vector for a denial-of-service attack.

...

7.5CVSS7.5AI score0.01356EPSS

Exploits0

RedHat Linux•added 2024/04/29 12:0 p.m.•2 views

golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability...

7.5CVSS6.6AI score0.01428EPSS

Exploits0References6

OSV•added 2024/04/29 4:15 a.m.•3 views

AZL-40070 CVE-2024-2756 affecting package php for versions less than 8.1.28-1

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...

6.5CVSS6.4AI score0.3786EPSS

BDU FSTEC•added 2024/03/15 12:0 a.m.•3 views

The vulnerability of the golang package in the Debian GNU/Linux operating system, which allows a attacker to trigger a Denial-of-Service Attack (DoS).

The vulnerability of the golang package in the Debian GNU/Linux operating system is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to trigger a Denial-of-Service Attack DoS...

7.8CVSS6.6AI score0.01156EPSS

Exploits0References10Affected Software3

BDU FSTEC•added 2023/09/19 12:0 a.m.•3 views

The vulnerability of the golang.org/x/text/language component in the Go language text library, which allows attackers to trigger a denial-of-service attack.

The vulnerability of the golang.org/x/text/language component in the Go language programming library is related to deficiencies in resource release after the expiration of its useful period. Exploiting this vulnerability could allow an attacker to cause service failures...

7.8CVSS6.7AI score0.01428EPSS

Exploits0References8Affected Software3

RedHat Linux•added 2023/05/18 12:39 a.m.•0 views

golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

7.5CVSS6.6AI score0.01428EPSS

Exploits0References6

OSSF Malicious Packages•added 2022/10/24 4:21 a.m.•3 views

Malicious code in anchor-lang (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ead75f6f1a06885c859de3db6135c335ed8dfe9a9f6b95aa938723e6cf38c80a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score