EUVD-2026-14643
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted browser-generated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments without Authorization,...
EUVD-2026-4710
soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives...
WordPress Elementinvader Addons for Elementor plugin < 1.4.1 – Unauthenticated Arbitrary Email Sending vulnerability
Unauthenticated Arbitrary Email Sending vulnerability discovered by Lucas Montes in WordPress Plugin ElementInvader Addons for Elementor versions 1.4.1...
Linux Distros Unpatched Vulnerability : CVE-2024-37298
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running schema.Decoder.Decode on a struct that has a field of type struct... ope...
SUSE CVE-2024-37298
gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...
DEBIAN-CVE-2024-37298
gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...
AZL-44949 CVE-2024-37298 affecting package podman for versions less than 5.6.1-2
gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...
AZL-43146 CVE-2024-37298 affecting package telegraf for versions less than 1.29.4-7
gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...
AZL-43071 CVE-2024-37298 affecting package libcontainers-common for versions less than 20210626-4
gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...
AZL-43103 CVE-2024-37298 affecting package libcontainers-common for versions less than 20240213-2
gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...
Insecure header validation in slim/psr7
Impact: An attacker could sneak a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An attacker that is able to control the header names that are passed to Slim-Ps...
CVE-2022-39199 Lack of proper validation in immudb
immudb is a database with built-in cryptographic proof and verification. immudb client SDKs use the server's UUID to distinguish between different server instances so that the client can connect to different immudb instances and keep the state for multiple servers. The SDK does not validate this UUID and...
2FA bypass through deleting devices in wagtail-2fa
Impact: Any user with access to the CMS can view and delete other users' 2FA devices by going to the correct path. The user does not require special permissions in order to do so. By deleting the other user's device they can disable the target user's 2FA devices and potentially compromise the...