Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

718 matches found

OSV
OSVadded 2026/04/24 3:16 a.m.3 views

DEBIAN-CVE-2026-32952

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

7.5CVSS5.3AI score0.0007EPSS
Exploits0References1
NVD
NVDadded 2026/04/24 3:16 a.m.3 views

CVE-2026-32952

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

7.5CVSS0.0007EPSS
Exploits0References2
EUVD
EUVDadded 2026/04/24 1:46 a.m.1 views

EUVD-2026-25374

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

5.3CVSS5.3AI score0.0007EPSS
Exploits0References2
AlpineLinux
AlpineLinuxadded 2026/04/24 1:46 a.m.1 views

CVE-2026-32952

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

7.5CVSS5.8AI score0.0007EPSS
Exploits0
CVE
CVEadded 2026/04/24 1:46 a.m.13 views

CVE-2026-32952

CVE-2026-32952 affects the Go package go-ntlmssp. Before version 0.1.1, a malformed NTLM challenge message can trigger a slice-out-of-bounds panic in ntlmssp.Negotiator when used as an HTTP transport, potentially crashing the Go process. The issue is fixed in version 0.1.1. Affected components ar...

7.5CVSS5.7AI score0.0007EPSS
Exploits0References2Affected Software1
OSV
OSVadded 2026/04/23 9:21 p.m.2 views

GHSA-PJCQ-XVWQ-HHPJ go-ntlmssp NTLM challenges can panic on malformed payloads

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

5.3CVSS5.8AI score0.0007EPSS
Exploits0References4
Github Security Blog
Github Security Blogadded 2026/04/23 9:21 p.m.7 views

go-ntlmssp NTLM challenges can panic on malformed payloads

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

7.5CVSS5.2AI score0.0007EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologiesadded 2026/04/23 12:0 a.m.1 views

PT-2026-34821

Name of the Vulnerable Software and Affected Versions go-ntlmssp versions prior to 0.1.1 Description A malicious NTLM challenge message can cause a slice out of bounds panic, leading to a crash of any Go process utilizing ntlmssp.Negotiator as an HTTP transport. Recommendations Update to version...

7.5CVSS5AI score0.0007EPSS
Exploits0References18
Fedora
Fedoraadded 2026/04/22 7:50 a.m.2 views

[SECURITY] Fedora 43 Update: jq-1.8.1-3.fc43

lightweight and flexible command-line JSON processor jq is like sed for JSON data =E2=80=93 you can use it to slice and filter and map and transform structured data with the same ease that sed, awk, grep and friends let you play with text. It is written in portable C, and it has zero runtime...

8.2CVSS5.3AI score0.00072EPSS
Exploits4
SUSE CVE
SUSE CVEadded 2026/04/20 11:27 p.m.3 views

SUSE CVE-2026-28212

Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an opslice network packet, the server passes an unprepared structure containing a null pointer to the SDLinfo function, resulting in a null pointer dereference an...

7.5CVSS5.7AI score0.00072EPSS
Exploits1References4
SUSE CVE
SUSE CVEadded 2026/04/20 11:26 p.m.2 views

SUSE CVE-2026-33337

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdrdatum function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated...

7.5CVSS5.9AI score0.00127EPSS
Exploits1References4
SUSE CVE
SUSE CVEadded 2026/04/20 11:26 p.m.3 views

SUSE CVE-2026-35215

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

7.5CVSS5.7AI score0.00165EPSS
Exploits1References4
RedhatCVE
RedhatCVEadded 2026/04/20 1:8 p.m.2 views

CVE-2026-35215

A flaw was found in Firebird. In the sdldesc function, a division by zero vulnerability exists due to improper validation of the length of a decoded SDL descriptor from a slice packet. An unauthenticated attacker can exploit this by sending a specially crafted slice packet, leading to a server...

7.5CVSS5.8AI score0.00165EPSS
Exploits1References2
NVD
NVDadded 2026/04/17 8:16 p.m.0 views

CVE-2026-35215

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

7.5CVSS0.00165EPSS
Exploits1References4
RedhatCVE
RedhatCVEadded 2026/04/17 7:35 p.m.1 views

CVE-2026-33337

A flaw was found in Firebird, an open-source relational database management system. When processing a slice packet, the xdrdatum function fails to validate the length of a cstring, which can lead to a buffer overflow. An unauthenticated attacker can exploit this vulnerability by sending a special...

7.5CVSS6.1AI score0.00127EPSS
Exploits1References2
NVD
NVDadded 2026/04/17 7:16 p.m.0 views

CVE-2026-33337

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdrdatum function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated...

7.5CVSS0.00127EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/04/17 6:59 p.m.0 views

CVE-2026-35215

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

7.5CVSS5.7AI score0.00165EPSS
Exploits1References5Affected Software1
CVE
CVEadded 2026/04/17 6:59 p.m.2 views

CVE-2026-35215

CVE-2026-35215 – Firebird DoS via crafted slice packet Firebird, an open-source RDBMS, has a vulnerability in the sdl_desc() function across affected series prior to 5.0.4, 4.0.7, and 3.0.14. The function does not validate the length of a decoded SDL descriptor from a slice packet; a zero-length ...

7.5CVSS5.7AI score0.00165EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVEadded 2026/04/17 6:59 p.m.1 views

CVE-2026-35215

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

7.5CVSS5.3AI score0.00165EPSS
Exploits1
Vulnrichment
Vulnrichmentadded 2026/04/17 6:59 p.m.0 views

CVE-2026-35215 Firebird: DoS via malicious slice descriptor in slice packet

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

7.5CVSS5.7AI score0.00165EPSS
Exploits1References4
Rows per page
Query Builder