Lucene search
+L

773 matches found

redhat
redhat
added 2026/06/03 8:19 a.m.19 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
nessus
nessus
added 2026/06/03 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-44574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect...

8.1CVSS5.8AI score0.00485EPSS
Exploits2References2
nvd
nvd
added 2026/05/29 11:16 a.m.20 views

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

2.7CVSS0.00196EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/29 9:30 a.m.54 views

CVE-2026-10078 Quay/config-tool: quay/config-tool: gitlab oauth client_secret exposed in url querystring

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

2.7CVSS0.00196EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/29 9:30 a.m.10 views

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

2.7CVSS5.7AI score0.00196EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/05/29 9:12 a.m.15 views

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

2.7CVSS5.7AI score0.00196EPSS
Exploits0References3
cve
cve
added 2026/05/29 6:58 a.m.40 views

CVE-2026-4776

An SQL injection in Mautic’s API contact filtering was reported. The flaw arises from insufficient recursive sanitization of nested query parameters, allowing an authenticated API user to bypass input filtering and inject arbitrary SQL commands. Documents do not specify affected versions, exact v...

7.1CVSS6AI score0.00224EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/29 12:0 a.m.10 views

PT-2026-44757

Name of the Vulnerable Software and Affected Versions Mautic affected versions not specified Description An SQL injection occurs in the API contact filtering mechanism. This issue arises from insufficient recursive sanitization of nested query parameters, allowing an authenticated API user to...

7.1CVSS6.1AI score0.00224EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/05/29 12:0 a.m.22 views

PT-2026-44797

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client id and client secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to...

2.7CVSS5.7AI score0.00196EPSS
Exploits0References3
nessus
nessus
added 2026/05/27 12:0 a.m.25 views

Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2026-123 (ALASDOCKER-2026-123)

The version of soci-snapshotter installed on the remote host is prior to 0.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-123 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C...

7.5CVSS7.5AI score0.00813EPSS
Exploits0References16
amazon
amazon
added 2026/05/26 12:0 a.m.16 views

Important: docker

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.5AI score0.00813EPSS
Exploits0
osv
osv
added 2026/05/25 2:0 p.m.11 views

EEF-CVE-2026-47075 CR/LF injection in query parameter in hackney

Summary Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the...

6.8CVSS6.2AI score0.00421EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/05/21 12:0 a.m.23 views

PT-2026-42673

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description A reflected Cross-Site Scripting XSS issue exists in the Page Leaving Warning page. The application reads the ncRedirectUrl and ncBackUrl query parameters from the route query without proper...

6.1CVSS6AI score0.00156EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/05/21 12:0 a.m.11 views

PT-2026-42611

Summary A reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI injection. Details PageLeavingWarning.vue reads ncRedirectUrl and ncBackUr...

6.1CVSS6AI score
Exploits0References3
redhat
redhat
added 2026/05/20 1:36 p.m.10 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.9AI score0.01945EPSS
Exploits0References8
redhat
redhat
added 2026/05/20 1:17 p.m.31 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.9AI score0.01945EPSS
Exploits0References8
redhat
redhat
added 2026/05/20 11:57 a.m.11 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.9AI score0.01945EPSS
Exploits0References8
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Firefox

Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox versions earlier than 110...

8.8CVSS7.2AI score0.00557EPSS
Exploits0References2
redhat
redhat
added 2026/05/19 4:21 p.m.20 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.9AI score0.01945EPSS
Exploits0References8
github
github
added 2026/05/19 3:49 p.m.75 views

Nuxt: Reflected XSS in `navigateTo()` external redirect

Summary navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving , &, and ' unencoded. An attacker who can influence the URL passed to navigateTourl, external: true can break out of the...

5.4CVSS5.4AI score0.00164EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder