Lucene search
K

725 matches found

RedHat Linux
RedHat Linux
added 5 days ago6 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS6.6AI score0.01557EPSS
Exploits1References5
NVD
NVD
added 2026/06/29 8:17 p.m.8 views

CVE-2026-56017

JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NULL pointer dereference when the first meaningful token of the input is a slash. The regexp versus division disambiguator in JsTokenizeString XS.xs inspects the previous token's last byte to choose between a regexp literal and a...

7.5CVSS0.00488EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/29 7:38 p.m.9 views

CVE-2026-56017

JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NULL pointer dereference when the first meaningful token of the input is a slash. The regexp versus division disambiguator in JsTokenizeString XS.xs inspects the previous token's last byte to choose between a regexp literal and a...

7.5CVSS5.8AI score0.00488EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.6 views

PT-2026-53732

Name of the Vulnerable Software and Affected Versions JavaScript::Minifier::XS versions prior to 0.16 Description A NULL pointer dereference occurs when the first meaningful token of the input is a slash. The issue resides in the JsTokenizeString function within the XS.xs file, where the regexp...

7.5CVSS5.8AI score0.00488EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.9 views

EulerOS 2.0 SP15 : kata-containers (EulerOS-SA-2026-2484)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 6:13 p.m.9 views

Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2026-33186

Summary google.golang.org/grpc-v1.56.3 used by fabric-operations-console Vulnerability Details CVEID:CVE-2026-33186 DESCRIPTION: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path...

9.1CVSS5.9AI score0.01557EPSS
Exploits1Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Python 3.11

The webbrowser.open API accepts URLs with leading hyphens, which can be treated as command-line options for certain web browsers. However, the new behavior disallows the use of leading hyphens. It is recommended that users sanitize URLs before passing them to webbrowser.open...

7.1CVSS6.5AI score0.00308EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/24 11:4 a.m.4 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS6.6AI score0.01557EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/22 11:36 a.m.7 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS7.3AI score0.01557EPSS
Exploits1References5
Snyk
Snyk
added 2026/06/15 8:38 p.m.8 views

Use of Incorrectly-Resolved Name or Reference

Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in the reconstruction of request.url when the HTTP request path does not begin with /. An attacker can mislead the application into trusti...

8.3CVSS5.3AI score0.00187EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49596

Name of the Vulnerable Software and Affected Versions starlette versions prior to 1.3.1 Description The HTTP request path is not validated before being used to reconstruct request.url. When a path does not begin with /, such as @google.com, it is concatenated as scheme://hostpath. This shifts the...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2026/06/11 1:57 p.m.13 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.8AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/10 8:29 p.m.9 views

undertow: Undertow: Request Smuggling via Malformed HTTP Request Headers

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

9.1CVSS5.5AI score0.00677EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/10 8:25 p.m.10 views

undertow: Undertow: Request Smuggling via Malformed HTTP Request Headers

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

9.1CVSS5.5AI score0.00677EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2026/06/08 4:6 p.m.12 views

USN-8406-1: Net::CIDR::Lite vulnerabilities

Dave Rolsky discovered that Net::CIDR::Lite did not properly handle extraneous zero characters at the beginning of an IP address string. A remote attacker could possibly use this issue to bypass access controls that are based on IP addresses. This issue only affected Ubuntu 16.04 LTS and Ubuntu...

7.5CVSS5.6AI score0.00493EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

SUSE SLED15 / SLES15 Security Update : perl-Net-CIDR-Lite (SUSE-SU-2026:2113-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2113-1 advisory. This update for perl-Net-CIDR-Lite fixes the following issues - CVE-2026-45190: improper validation of trailin...

7.5CVSS5.7AI score0.00311EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/06/06 3:2 a.m.9 views

SUSE CVE-2025-40911

Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are...

6.5CVSS5.6AI score0.00306EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:45 a.m.10 views

SUSE CVE-2026-49942

Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One U+0661, or non-digits, which were ignored. This could allow network masks to accept larger networks. Leading zeros were also...

7.3CVSS5.5AI score0.00312EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.12 views

CVE-2026-49942

Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One U+0661, or non-digits, which were ignored. This could allow network masks to accept larger networks. Leading zeros were also...

7.3CVSS5.4AI score0.00312EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 5:16 p.m.12 views

CVE-2026-49942

Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One U+0661, or non-digits, which were ignored. This could allow network masks to accept larger networks. Leading zeros were also...

7.3CVSS0.00312EPSS
Exploits0References3
Rows per page
Query Builder