Lucene search
K

65 matches found

RedHat Linux
RedHat Linux
added 2026/04/27 1:50 a.m.9 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS7.5AI score0.01557EPSS
Exploits1References5
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/23 12:0 a.m.7 views

Security update for ignition (important)

openSUSE security update: security update for ignition ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20603-1 Rating: important References: bsc1260251 Cross-References: CVE-2026-33186 CVSS scores: CVE-2026-33186 SUSE : 8.1...

8.6CVSS7AI score0.01557EPSS
Exploits1References1
CVE
CVE
added 2026/04/22 1:45 p.m.13 views

CVE-2026-6862

CVE-2026-6862: A flaw in libefiboot (part of efivar) affects the device path node parser, which does not validate that each node’s Length is at least 4 bytes (EFI node header minimum). A crafted device path node could trigger infinite recursion, stack exhaustion, and a DoS via a process crash. Do...

5.5CVSS5.7AI score0.00104EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/22 10:9 a.m.4 views

SUSE-SU-2026:21370-1 Security update for ignition

This update for ignition fixes the following issue: - CVE-2026-33186: Fixed an authorization bypass due to improper validation of the HTTP/2: path pseudo-header bsc1260251...

9.1CVSS7.5AI score0.01557EPSS
Exploits1References3
OSV
OSV
added 2026/04/22 9:58 a.m.3 views

OPENSUSE-SU-2026:20603-1 Security update for ignition

This update for ignition fixes the following issue: - CVE-2026-33186: Fixed an authorization bypass due to improper validation of the HTTP/2: path pseudo-header bsc1260251...

9.1CVSS5.3AI score0.01557EPSS
Exploits1References2
OSV
OSV
added 2026/04/16 10:27 a.m.7 views

SUSE-SU-2026:1395-1 Security update for azure-storage-azcopy

This update for azure-storage-azcopy fixes the following issues: - CVE-2026-33186: Authorization bypass in grpc-go due to improper validation of the HTTP/2 :path pseudo-header bsc1260307...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2026/04/16 12:0 a.m.12 views

openSUSE Security Advisory (SUSE-SU-2026:1314-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.3 views

SUSE SLES15 / openSUSE 15 Security Update : ignition (SUSE-SU-2026:1314-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1314-1 advisory. This update for ignition fixes the following issue: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References4
OSV
OSV
added 2026/04/14 11:7 a.m.3 views

SUSE-SU-2026:1314-1 Security update for ignition

This update for ignition fixes the following issue: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header bsc1260251...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References3
Amazon
Amazon
added 2026/04/13 12:0 a.m.6 views

Important: credentials-fetcher

Issue Overview: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted...

9.1CVSS5.9AI score0.01557EPSS
Exploits1
SUSE Linux
SUSE Linux
added 2026/04/08 7:12 a.m.7 views

Security update for ignition

This update for ignition fixes the following issue: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260251 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

8.6CVSS5.9AI score0.01557EPSS
Exploits1References4
OSV
OSV
added 2026/04/08 7:12 a.m.3 views

SUSE-SU-2026:1208-1 Security update for ignition

This update for ignition fixes the following issue: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260251...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References3
SUSE Linux
SUSE Linux
added 2026/04/07 10:25 a.m.6 views

Security update for ignition

This update for ignition fixes the following issue: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260251 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

8.6CVSS5.9AI score0.01557EPSS
Exploits1References4
OSV
OSV
added 2026/03/27 6:39 p.m.4 views

GO-2026-4762 Authorization bypass in gRPC-Go via missing leading slash in :path in google.golang.org/grpc

Authorization bypass in gRPC-Go via missing leading slash in :path in google.golang.org/grpc...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References1
OSV
OSV
added 2026/03/26 6:41 p.m.2 views

GHSA-MR6Q-RP88-FX84 Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`

Summary The @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel's platform-level path restrictions entirel...

6.5CVSS6.7AI score0.00331EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.9 views

SUSE CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

8.1CVSS6AI score0.01557EPSS
Exploits1References72
Snyk
Snyk
added 2026/03/24 8:30 p.m.4 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview @astrojs/vercel is a Deploy your site to Vercel Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the x-astro-path header or xastropath query parameter, which allows overriding internal request paths without authentication. An...

9.1CVSS5.8AI score0.00331EPSS
Exploits1References2
NVD
NVD
added 2026/03/24 7:16 p.m.7 views

CVE-2026-33768

Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel...

9.1CVSS0.00331EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/24 6:40 p.m.3 views

CVE-2026-33768 Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`

Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel...

6.5CVSS5.8AI score0.00331EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/24 6:40 p.m.20 views

CVE-2026-33768 Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`

Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel...

6.5CVSS0.00331EPSS
Exploits1References4
Rows per page
Query Builder