Lucene search
+L

775 matches found

RedHat Linux
RedHat Linux
added 2026/05/19 4:21 p.m.21 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.9AI score0.01945EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/05/19 3:49 p.m.75 views

Nuxt: Reflected XSS in `navigateTo()` external redirect

Summary navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving , &, and ' unencoded. An attacker who can influence the URL passed to navigateTourl, external: true can break out of the...

5.4CVSS5.4AI score0.00164EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/19 1:37 p.m.19 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.9AI score0.01945EPSS
Exploits0References8
OSV
OSV
added 2026/05/14 10:33 p.m.9 views

SUSE-SU-2026:1861-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool pack' does...

7.5CVSS5.8AI score0.00813EPSS
Exploits0References25
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 11:11 a.m.30 views

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass...

8.6CVSS7AI score0.01945EPSS
Exploits3Affected Software1
NVD
NVD
added 2026/05/13 5:16 p.m.21 views

CVE-2026-44574

Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the...

8.1CVSS0.00496EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2026/05/13 4:56 p.m.13 views

CVE-2026-44574

Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the...

8.1CVSS5.8AI score0.00496EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2026/05/13 4:56 p.m.38 views

CVE-2026-44574 Next.js: Middleware / Proxy bypass through dynamic route parameter injection

Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the...

8.1CVSS0.00496EPSS
Exploits2References1
CVE
CVE
added 2026/05/13 4:56 p.m.61 views

CVE-2026-44574

CVE-2026-44574 affects Next.js versions 15.4.0 up to but not including 15.5.16 and 16.2.5. The issue: applications using middleware to protect dynamic routes can be bypassed via specially crafted query parameters that alter the dynamic route value seen by the page while the visible path remains u...

8.1CVSS5.8AI score0.00496EPSS
Exploits2References7Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/13 3:39 p.m.16 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS7.1AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/13 1:56 a.m.18 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS7.2AI score0.01945EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 15.4.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities arise from the use of middleware that protects dynamic routes. In this scenario, specially crafted query paramete...

8.1CVSS5.8AI score0.00496EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

cPanel 注入漏洞

cPanel is a web-based automated hosting platform developed by cPanel Inc. This platform is primarily used for automating the management of websites and servers. cPanel has a vulnerability known as “injection attack,” which stems from improper cleaning of the status query parameters in the...

8.3CVSS5.9AI score0.00301EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.15 views

mem0 server lacks authentication and authorization controls for its memory deletion API endpoint

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories. The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers e.g., userid, runid, agentid in the request query parameters. A...

6.5CVSS6AI score0.00386EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:19 a.m.6 views

CVE-2026-34258

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

4.7CVSS5.8AI score0.00249EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40128

Name of the Vulnerable Software and Affected Versions mem0 version 1.0.0 Description The server lacks authentication and authorization controls for the 'DELETE /memories' API endpoint. This allows unauthenticated remote attackers to delete memory records by specifying arbitrary identifiers such a...

6.5CVSS6AI score0.00386EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.37 views

CVE-2026-31241

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories. The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers e.g., userid, runid, agentid in the request query parameters. A...

0.00386EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 12:0 a.m.6 views

CVE-2026-31241

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories. The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers e.g., userid, runid, agentid in the request query parameters. A...

6.5CVSS6.1AI score0.00386EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/11 10:53 p.m.8 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.9AI score0.01945EPSS
Exploits0References8
CVE
CVE
added 2026/05/11 2:52 p.m.13 views

CVE-2026-42841

Grav CMS stores image attributes via Markdown media action parameters. Before 2.0.0-beta.2, an authenticated page editor could inject a JavaScript event handler by calling attribute(name, value) through image query parameters (e.g., ?attribute=onload,alert(...)). The attack results in a stored XS...

6.9CVSS5.9AI score0.00397EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder