Lucene search
K

72 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.7 views

EulerOS 2.0 SP15 : kata-containers (EulerOS-SA-2026-2443)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.7AI score0.01557EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 6:13 p.m.9 views

Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2026-33186

Summary google.golang.org/grpc-v1.56.3 used by fabric-operations-console Vulnerability Details CVEID:CVE-2026-33186 DESCRIPTION: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path...

9.1CVSS5.9AI score0.01557EPSS
Exploits1Affected Software1
NVD
NVD
added 2026/06/19 9:17 p.m.14 views

CVE-2026-50559

Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...

7.5CVSS0.00463EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2026/06/19 8:26 p.m.5 views

CVE-2026-50559 Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities

Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...

7.5CVSS5.8AI score0.00463EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/17 9:2 p.m.11 views

io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters

A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...

7.5CVSS5.3AI score0.00463EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/17 4:18 p.m.13 views

io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters

A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...

7.5CVSS5.4AI score0.00463EPSS
Exploits1References5
Snyk
Snyk
added 2026/06/17 12:0 a.m.8 views

Path Equivalence

Overview io.quarkus:quarkus-vertx-http is a Cloud Native, Linux Container First framework for writing Java applications. Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP request...

8.7CVSS5.9AI score0.00463EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/17 12:0 a.m.7 views

Path Equivalence

Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...

8.7CVSS5.9AI score0.00463EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.14 views

EulerOS 2.0 SP11 : kata-containers (EulerOS-SA-2026-2246)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.6AI score0.01557EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.11 views

EulerOS 2.0 SP11 : kata-containers (EulerOS-SA-2026-2208)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.6AI score0.01557EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Subversion

Subversion’s moddavsvn is vulnerable to memory corruption. When checking path-based authorization rules, moddavsvn servers may attempt to use memory that has already been freed. Affected Subversion moddavsvn servers include versions 1.10.0 through 1.14.1 including those versions. Servers that do...

7.5CVSS6.8AI score0.09254EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.7 views

Amazon Linux 2 : cri-tools, --advisory ALAS2-2026-3236 (ALAS-2026-3236)

"The version of cri-tools installed on the remote host is prior to 1.32.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3236 advisory. The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negati...

9.1CVSS6AI score0.01557EPSS
Exploits2References6
Amazon
Amazon
added 2026/04/14 12:0 a.m.5 views

Important: runfinch-finch

Issue Overview: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted...

9.1CVSS5.9AI score0.01557EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.6 views

Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1548)

"It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1548 advisory. gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.9 views

SUSE CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

8.1CVSS6AI score0.01557EPSS
Exploits1References72
OSV
OSV
added 2026/03/20 11:16 p.m.11 views

UBUNTU-CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/18 8:10 p.m.30 views

gRPC-Go has an authorization bypass via missing leading slash in :path

Impact What kind of vulnerability is it? Who is impacted? It is an Authorization Bypass resulting from Improper Input Validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory leading slash e.g.,...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/18 8:10 p.m.6 views

GHSA-P77J-4MVH-X3M3 gRPC-Go has an authorization bypass via missing leading slash in :path

Impact What kind of vulnerability is it? Who is impacted? It is an Authorization Bypass resulting from Improper Input Validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory leading slash e.g.,...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.14 views

PT-2026-26207

Name of the Vulnerable Software and Affected Versions: gRPC-Go versions prior to 1.79.3 Description: gRPC-Go is vulnerable to an authorization bypass due to improper input validation of the HTTP/2 :path pseudo-header. The server incorrectly routes requests with missing leading slashes in the :pat...

9.8CVSS5.9AI score0.01557EPSS
Exploits1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-3257

Malware in sbrugna...

4CVSS7.4AI score0.06464EPSS
Exploits0References20
Rows per page
Query Builder