Lucene search
K

70 matches found

OSV
OSV
added 2026/03/04 10:34 a.m.9 views

CLSA-2026-1772620440 skopeo: Fix of 3 CVEs

rebuild with newer golang version 1.25.7-1.el96.tuxcare.els1 to fix the following CVEs - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...

10CVSS6.9AI score0.01945EPSS
Exploits3References1
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.6 views

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforced its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...

7.5CVSS5.8AI score0.00535EPSS
Exploits0References3
OSV
OSV
added 2026/03/02 1:4 p.m.13 views

CLSA-2026-1772456640 podman: Fix of 4 CVEs

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE's - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...

10CVSS6.9AI score0.01945EPSS
Exploits4References1
NVD
NVD
added 2026/02/24 9:16 p.m.8 views

CVE-2026-25882

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

7.5CVSS0.00594EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.9 views

PT-2026-21801

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 2.52.12 Fiber versions prior to 3.0.1 Description Fiber is an Express inspired web framework written in Go. A denial of service issue exists in Fiber that allows remote attackers to crash the application by sending...

9.9CVSS6.1AI score0.27661EPSS
Exploits45References124
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005328)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005328 advisory. Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its paramslimit only for parameters separated by &, while still...

7.5CVSS5.5AI score0.00535EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.5 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005323)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005323 advisory. Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencod...

7.5CVSS5.7AI score0.00911EPSS
Exploits0References4
OSV
OSV
added 2026/01/28 8:16 p.m.9 views

AZL-75734 CVE-2025-61726 affecting package golang for versions less than 1.25.6-1

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

7.5CVSS7.4AI score0.01945EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 8:16 p.m.7 views

AZL-75642 CVE-2025-61726 affecting package msft-golang for versions less than 1.24.12-1

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

7.5CVSS7.4AI score0.01945EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 8:16 p.m.11 views

CVE-2025-61726

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

7.5CVSS0.01945EPSS
Exploits0References275
OSV
OSV
added 2026/01/28 7:30 p.m.4 views

CVE-2025-61726 Memory exhaustion in query parameter parsing in net/url

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

7.5CVSS6.9AI score0.01945EPSS
Exploits0References275
EUVD
EUVD
added 2026/01/28 7:30 p.m.7 views

EUVD-2025-206445

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

7.5CVSS5.9AI score0.01945EPSS
Exploits0References4
OSV
OSV
added 2026/01/20 4:30 p.m.6 views

GHSA-2497-GP99-2M74 Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered

Summary Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a condition that floods the panel with activity records Details After wings sends activity logs to the panel it deletes the processed activity entries from t...

8.3CVSS5.8AI score0.00475EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/01/20 4:30 p.m.11 views

Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered

Summary Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a condition that floods the panel with activity records Details After wings sends activity logs to the panel it deletes the processed activity entries from t...

8.3CVSS5.7AI score0.00475EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2025/12/30 9:2 p.m.4 views

GHSA-6RW7-VPXM-498P qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion

Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across all array notations. Note: The default parameterLimit of 1000 effectively mitigates the DoS scenario...

6.3CVSS6.9AI score0.0041EPSS
Exploits1References4
OSV
OSV
added 2025/12/29 11:15 p.m.4 views

AZL-73316 CVE-2025-15284 affecting package js-jquery 3.5.0-4

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

6.3CVSS6.1AI score0.0041EPSS
Exploits1References1
OSV
OSV
added 2025/12/29 11:15 p.m.5 views

AZL-73359 CVE-2025-15284 affecting package nodejs-nodemon 2.0.3-4

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

6.3CVSS6.6AI score0.0041EPSS
Exploits1References1
OSV
OSV
added 2025/12/29 11:15 p.m.4 views

AZL-73353 CVE-2025-15284 affecting package js-jquery 3.5.0-4

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

6.3CVSS6.6AI score0.0041EPSS
Exploits1References1
OSV
OSV
added 2025/12/29 11:15 p.m.5 views

UBUNTU-CVE-2025-15284

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

6.3CVSS6.5AI score0.0041EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2025/12/29 10:56 p.m.3 views

CVE-2025-15284

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across all...

6.3CVSS5.5AI score0.0041EPSS
Exploits1References3
Rows per page
Query Builder