6962 matches found
PT-2026-5501
The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parse custom args function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expo...
EulerOS Virtualization 2.10.0 : ncurses (EulerOS-SA-2026-1183)
According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the...
CLEANSTART-2026-ER42900 ParseAddress function constructs domain-literal address components through repeated string concatenation
Multiple security vulnerabilities affect the external-dns-fips package. The ParseAddress function constructs domain-literal address components through repeated string concatenation. See references for individual vulnerability details...
CVE-2026-25128
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0.9 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing XML with out-of-rang...
CVE-2025-63655
A NULL pointer dereference in the mkhttprangeparse function mkserver/mkhttp.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...
CVE-2025-63655
A NULL pointer dereference in the mkhttprangeparse function mkserver/mkhttp.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...
CVE-2025-63655
A NULL pointer dereference in the mkhttprangeparse function mkserver/mkhttp.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...
Monkey Server security vulnerabilities
Monkey Server is an open-source HTTP server developed by Monkey I/O. There is a security vulnerability in Monkey Server, which stems from a null pointer dereferencing in the mkhttprangeparse function. This vulnerability may lead to denial-of-service attacks...
EUVD-2025-206525
A NULL pointer dereference in the mkhttprangeparse function mkserver/mkhttp.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...
PT-2026-5341
Name of the Vulnerable Software and Affected Versions Monkey versions prior to commit f37e984 Description A flaw exists in the mk http range parse function located in mk server/mk http.c that can lead to a Denial of Service DoS. This occurs when a specially crafted HTTP request is sent to the...
AZL-78925 CVE-2025-61726 affecting package golang 1.25.7-1
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
AZL-75734 CVE-2025-61726 affecting package golang for versions less than 1.25.6-1
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
CVE-2025-61726
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
CVE-2025-61726
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
CVE-2025-61726 Memory exhaustion in query parameter parsing in net/url
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
GO-2026-4341 Memory exhaustion in query parameter parsing in net/url
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
CVE-2026-24852
The CVE-2026-24852 issue affects iccDEV before version 2.3.1.2, where a heap-buffer-over-read can occur in icXmlParseTextString() when strlen() reads a non-null-terminated buffer, potentially leaking heap memory and causing application termination. The fixed release is 2.3.1.2. It involves ICC co...
CVE-2026-24883
In GnuPG before 2.5.17, a long signature packet length causes parsesignature to return success with sig-data set to a NULL value, leading to a denial of service application crash...
CVE-2026-24883
In GnuPG before 2.5.17, a long signature packet length causes parsesignature to return success with sig-data set to a NULL value, leading to a denial of service application crash...
CVE-2026-24883
In GnuPG before 2.5.17, a long signature packet length causes parsesignature to return success with sig-data set to a NULL value, leading to a denial of service application crash...