Lucene search
+L

161 matches found

rocky
rocky
added 2026/06/05 12:3 p.m.30 views

image-builder security update

An update is available for image-builder. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A local binary for building customized OS artifacts such as VM images a...

10CVSS6.7AI score0.00765EPSS
Exploits2
redhat
redhat
added 2026/06/04 12:43 p.m.3 views

net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead...

5.3CVSS6.1AI score0.0037EPSS
Exploits0References8
cnnvd
cnnvd
added 2026/06/04 12:0 a.m.12 views

quic-go 安全漏洞

Quic-go is a implementation of the QUIC protocol and RFC 9000 protocol in Go, developed by Lucas Clemente. Versions of quic-go prior to 0.59.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size constraints on the decoded trailer fields in the HTTP/3...

7.5CVSS5.3AI score0.00279EPSS
Exploits0References2
redhat
redhat
added 2026/06/03 7:49 a.m.19 views

Important: Red Hat Security Advisory: rhc security update

An update for rhc is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

7.5CVSS5.9AI score0.00621EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.12 views

Janet 输入验证错误漏洞

Janet is a functional and imperative programming language and bytecode interpreter developed by Janet Language. Versions of Janet prior to 1.41.0 had a vulnerability related to input validation errors. This vulnerability stemmed from incorrect operations in the function unmarshalonefiber found in...

4.8CVSS4.6AI score0.0012EPSS
Exploits0References8
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Golang-1.19, Golang-1.23

Canceling a query for example, by canceling the context passed to one of the query methods during a call to the Scan method of the returned Rows can lead to unexpected results if other queries are being executed in parallel. This can cause a race condition, which may overwrite the expected result...

7CVSS6.7AI score0.00355EPSS
Exploits0References2
nessus
nessus
added 2026/05/19 12:0 a.m.17 views

RHEL 9 : grafana-pcp (RHSA-2026:19351)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19351 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...

7.5CVSS7.3AI score0.00621EPSS
Exploits0References6
bdu_fstec
bdu_fstec
added 2026/05/13 12:0 a.m.2 views

The vulnerability of the soap_add_xml_ref() function in the PHP programming language allows a hacker to execute arbitrary code.

The vulnerability of the soapaddxmlref function in the PHP programming language is related to the possibility of using memory after it has been freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

9CVSS6.1AI score0.00739EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/05/10 4:28 a.m.9 views

CVE-2026-7258

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

6.3CVSS5.8AI score0.00337EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2026/05/07 12:0 a.m.10 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go; this vulnerability arises from parsing email addresses according to RFC 5322. Pathological inputs may...

7.5CVSS5.8AI score0.00798EPSS
Exploits0References1
redos
redos
added 2026/05/07 12:0 a.m.11 views

ROS-20260507-73-0012

Vulnerability in golang related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5CVSS5.8AI score0.00615EPSS
Exploits0
nessus
nessus
added 2026/05/06 12:0 a.m.11 views

RHCOS 4 : OpenShift Container Platform 4.6.6 (RHSA-2020:5159)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:5159 advisory. - golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs CVE-2020-16845 Note that Nessus has not tested...

7.5CVSS5.9AI score0.0473EPSS
Exploits0References5
nessus
nessus
added 2026/05/06 12:0 a.m.11 views

RHCOS 4 : OpenShift Container Platform 4.8.15 (RHSA-2021:3820)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3820 advisory. - jenkins: improper permission checks allow canceling queue items and aborting builds CVE-2021-21670 - jenkins: session fixation...

7.5CVSS7.2AI score0.06975EPSS
Exploits4References16
redhat
redhat
added 2026/04/30 3:3 a.m.14 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.3AI score0.00459EPSS
Exploits2References8
redos
redos
added 2026/04/30 12:0 a.m.5 views

ROS-20260430-73-0016

Vulnerability in golang related to errors in certificate authentication procedure. The vulnerability can be exploited remotely...

8.8CVSS5.3AI score0.0034EPSS
Exploits0
nessus
nessus
added 2026/04/22 12:0 a.m.10 views

RHEL 7 : python3 (RHSA-2026:9745)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:9745 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/04/16 12:0 a.m.11 views

Gravity 安全漏洞

Gravity is a powerful, dynamically typed, lightweight, and embeddable programming language developed by Marco Bambini individually. It is used for procedural programming, object-oriented programming, functional programming, and data-driven programming. Versions of Gravity prior to 0.9.6 contained...

9.8CVSS6.3AI score0.0064EPSS
Exploits0References1
redhat
redhat
added 2026/04/13 9:59 p.m.9 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS5.8AI score0.00459EPSS
Exploits2References8
redhatcve
redhatcve
added 2026/04/10 7:23 p.m.6 views

CVE-2026-39611

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue affects KuteShop: from n/a through = 4.2.9...

7.5CVSS5.8AI score0.00381EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/04/08 12:0 a.m.9 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from improper context tracking in JavaScript template literals. This can lead to content...

6.1CVSS7.1AI score0.0029EPSS
Exploits0References4
Rows per page
Query Builder