Lucene search
K

11 matches found

RedHat Linux
RedHat Linux
added 2026/05/13 2:16 a.m.22 views

cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names

A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...

9CVSS6AI score0.00658EPSS
Exploits0References8
OSV
OSV
added 2026/05/06 12:5 p.m.16 views

RLSA-2026:10217 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages CVE-2026-32283 crypto/x509:...

9CVSS5.9AI score0.00658EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/23 9:39 p.m.6 views

cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names

A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...

9CVSS6AI score0.00658EPSS
Exploits0References8
OSV
OSV
added 2026/01/08 9:16 p.m.8 views

GHSA-54M3-5FXR-2F3J Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names

Summary The function listhtml generates a file view of a folder without sanitizing the files or folders names, potentially leading to XSS in cases where a website allows access to public files using this feature, allowing anyone to upload a file. Details The vulnerable snippet of code is the...

8.8CVSS6.5AI score0.003EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/01/08 6:22 p.m.5 views

CVE-2026-22257 Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder without sanitizing the files or folders names, this may potentially lead to XSS in cases where a website allow the access to public files using this feature and anyone can uploa...

8.8CVSS6AI score0.003EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/08 6:22 p.m.8 views

EUVD-2026-1423

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder without sanitizing the files or folders names, this may potentially lead to XSS in cases where a website allow the access to public files using this feature and anyone can uploa...

8.8CVSS5.8AI score0.003EPSS
Exploits1References4
OSV
OSV
added 2024/05/01 5:39 a.m.7 views

CVE-2024-32966 Stored Cross-site Scripting in directory listings via file names in static-web-server

Static Web Server SWS is a tiny and fast production-ready web server suitable to serve static web files or assets. In affected versions if directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like .txt will allow JavaScript code...

5.8CVSS7AI score0.00369EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.3 views

SUSE CVE-2022-29154

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...

8.8CVSS8.7AI score0.01659EPSS
Exploits1References17
Positive Technologies
Positive Technologies
added 2022/02/25 12:0 a.m.31 views

PT-2022-10654

Name of the Vulnerable Software and Affected Versions jQuery-Upload-File version 4.0.11 Description A cross-site scripting XSS issue exists due to a vulnerability in the fileNameStr parameter, allowing attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload...

6.1CVSS6.6AI score0.00846EPSS
Exploits0References13
Veracode
Veracode
added 2020/09/02 7:58 a.m.21 views

Directory Traversal

github.com/u-root/u-root is vulnerable to directory traversal. A zip slip vulnerability allows an attacker to write arbitrary files on the system via a zip archive containing malicious file names with ../ characters...

7.5CVSS5.3AI score0.01826EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2019/12/18 2:6 a.m.18 views

Directory Traversal

typo3/cms is vulnerable to directory traversal. Manually uploaded Zip archives are not validated and allows for malicious file names containing the ../ characters. This could potentially result in system files being overwritten upon extraction...

7.2CVSS4.2AI score0.01452EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder