Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/04/10 8:0 p.m.6 views

goshs has a file-based ACL authorization bypass in goshs state-changing routes

Summary goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can upload files with PUT, upload files with multipart POST /upload,...

9.8CVSS6AI score0.00651EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/04/10 7:44 p.m.17 views

CVE-2026-40189

CVE-2026-40189 affects goshs, a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces per-folder .goshs ACL/basic-auth for directory listings and file reads but does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can perform state-...

9.8CVSS5.8AI score0.00651EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25861

Name of the Vulnerable Software and Affected Versions Fullchain versions prior to 0.1.1 Description Fullchain is a platform for deploying CTF Capture The Flag environments. A misconfigured NetworkPolicy allows a malicious actor to move laterally from a compromised application to any Pod in a...

7.1CVSS5.9AI score0.00501EPSS
Exploits1References10
Github Security Blog
Github Security Blog
added 2026/03/13 8:58 p.m.7 views

github.com/ctfer-io/monitoring Vulnerable to Improper Access Control

Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. Patch Removing the inter-ns NetworkPolicy patches the...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References6Affected Software1
RedHat Linux
RedHat Linux
added 2019/11/05 8:44 p.m.2 views

kernel: out-of-bounds array access in __xfrm_policy_unlink

A flaw was found in the Linux kernel. When xfrm policy removal occurs a system crash could occur. These policy changes generally occur through the ip command or a netlink socket...

4.9CVSS7.1AI score0.0173EPSS
Exploits0References4
securityvulns
securityvulns
added 2004/01/03 12:0 a.m.32 views

Re: multiple payload handling flaws in isakmpd, again

There is one important thing I forgot to mention. In isakmpd deleting an IPsec SA also means deleting the appropriate IPsec policy in almost any case. Take a look at pfkeyv2deletespi in pfkeyv2.c. It calls pfkeyv2disablesa, the policy eraser ;-, if the SA was not acquired through the kernel: if...

1.4AI score
Exploits0
Rows per page
Query Builder