
29 matches found

Cvelist
added 6 days ago, 18 views

CVE-2021-47986 Parse Server - Unreviewed Code Execution via Malicious Version Tags

Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...

CVSS 7.7, EPSS 0.0012
Exploits: 0, References: 2

Tenable Nessus
added 2026/06/09 12:00 a.m., 7 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2026-2207)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a...

CVSS 10, AI score 7.9, EPSS 0.01945
Exploits: 2, References: 8

RedhatCVE
added 2026/06/05 7:13 p.m., 8 views

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...

CVSS 9.8, AI score 5.4, EPSS 0.0185
Exploits: 1, References: 1

OSSF Malicious Packages
added 2026/05/19 12:00 a.m., 10 views

Malicious code in @antv/path-util (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

AI score 5.8
Exploits: 0, References: 5

The Hacker News
added 2026/05/11 6:30 p.m., 18 views

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. "If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa1c16 that was published on December 17, 2025 or previously," th...

AI score 5.9
Exploits: 0

OSV
added 2026/03/20 2:26 p.m., 10 views

OESA-2026-1698 golang security update

The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...

CVSS 10, AI score 7.8, EPSS 0.01945
Exploits: 2, References: 7

OSV
added 2026/03/02 10:30 a.m., 11 views

CLSA-2026-1772124479 golang: Fix of 7 CVEs

Update to Go 1.25.7 - CVE-2025-61726: fixed DoS due to memory exhaustion flaw in net/url parameter parsing - CVE-2025-61732: fixed RCE via code smuggling flaw in cgo comment parsing - CVE-2025-68121: fixed security bypass in TLS where session resumption could ignore revoked or expired client...

CVSS 10, AI score 6.3, EPSS 0.01945
Exploits: 1, References: 1

RedhatCVE
added 2026/02/05 12:01 p.m., 11 views

CVE-2025-68119

A flaw was found in Golang's cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial (hg) installed, this can occur when downloading modules from...

CVSS 7, AI score 8.6, EPSS 0.00335
Exploits: 0, References: 7

CNVD
added 2026/02/05 12:00 a.m., 7 views

Google Go Code Execution Vulnerability (CNVD-2026-10650)

Google Go is a statically and strongly typed, compiled, concurrent, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to an insecure construction of external VCS commands when handling untrusted module sources or malicious version strings in...

CVSS 7, AI score 6.9, EPSS 0.00335
Exploits: 0, References: 1

OSV
added 2026/01/28 8:16 p.m., 7 views

AZL-78939 CVE-2025-68119 affecting package golang 1.25.7-1

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This iss...

CVSS 7, AI score 6.4, EPSS 0.00335
Exploits: 0, References: 1

NVD
added 2026/01/28 8:16 p.m., 8 views

CVE-2025-68119

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This iss...

CVSS 7, EPSS 0.00335
Exploits: 0, References: 4

OSV
added 2026/01/28 8:16 p.m., 6 views

AZL-75639 CVE-2025-68119 affecting package msft-golang for versions less than 1.24.12-1

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This iss...

CVSS 7, AI score 8, EPSS 0.00335
Exploits: 0, References: 1

OSV
added 2026/01/28 8:16 p.m., 5 views

AZL-75728 CVE-2025-68119 affecting package golang for versions less than 1.25.6-1

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This iss...

CVSS 7, AI score 7.8, EPSS 0.00335
Exploits: 0, References: 1

OSV
added 2026/01/28 8:16 p.m., 2 views

UBUNTU-CVE-2025-68119

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This iss...

CVSS 7, AI score 7.7, EPSS 0.00335
Exploits: 0, References: 4

EUVD
added 2026/01/28 7:30 p.m., 4 views

EUVD-2025-206446

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This iss...

CVSS 7, AI score 6.4, EPSS 0.00335
Exploits: 0, References: 4

ATTACKERKB
added 2026/01/28 7:30 p.m., 5 views

CVE-2025-68119

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This iss...

AI score 6.4, EPSS 0.00335
Exploits: 0, References: 5, Affected Software: 1

CVE
added 2026/01/28 7:30 p.m., 44 views

CVE-2025-68119

CVE-2025-68119 describes local code execution and arbitrary-file writes when downloading/building modules with malicious version strings in environments where external VCS tools are present. Specifically: on systems with Mercurial (hg), downloading modules from non-standard sources (e.g., custom ...

CVSS 7, AI score 7.8, EPSS 0.00335
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2026/01/28 7:30 p.m., 21 views

CVE-2025-68119 Unexpected code execution when invoking toolchain in cmd/go

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This iss...

EPSS 0.00335
Exploits: 0, References: 4

AlpineLinux
added 2026/01/28 7:30 p.m., 8 views

CVE-2025-68119

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This iss...

CVSS 7, AI score 7.8, EPSS 0.00335
Exploits: 0

Snyk
added 2026/01/28 7:07 p.m., 4 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection. Go Vulnerability Report: Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources e.g...

CVSS 8.4, AI score 7.8, EPSS 0.00335
Exploits: 0, References: 3