32372 matches found
ROOT-APP-GOBINARY-CVE-2026-27136 CVE-2026-27136 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2026-27136 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-42502 CVE-2026-42502 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2026-42502 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-39821 CVE-2026-39821 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2026-39821 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-33814 CVE-2026-33814 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2026-33814 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-25681 CVE-2026-25681 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2026-25681 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
CandidATS 3.0.0 - Cross-Site Scripting
CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
Cedar Gate EZ-NET <= 6.8.0 - Cross-Site Scripting
The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. id: CVE-2022-23397 info: name: Cedar Gate EZ-NET = 6.8.0 - Cross-Si...
Important: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME
A flaw was found in the net package of Go (golang), specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of...
Important: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME
A flaw was found in the net package of Go (golang), specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
CVE-2026-58127
PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET...
CVE-2026-47241
A flaw was found in Net::IMAP, a Ruby client library for the Internet Message Access Protocol (IMAP). This vulnerability allows a remote attacker to cause a denial of service by sending specially crafted input to certain Net::IMAP commands. When a raw string argument, derived from user-controlled...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
Important: Red Hat Security Advisory: ruby:2.5 security update
An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
ruby:3.3 security update
An update is available for module.rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Ruby is an...
ROOT-APP-GOBINARY-CVE-2026-42506 CVE-2026-42506 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2026-42506 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS
A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAP#starttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle (MITM) attacker can inject a predicted tagged OK response...