Lucene search
+L

173 matches found

CNNVD
CNNVD
added 2026/01/21 12:0 a.m.10 views

Everest-core security vulnerabilities

Everest-core is a major component of the open-source electric vehicle charging software stack developed by EVerest. Versions of Everest-core prior to 2025.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the concatenation of integer values with string literals when...

4.2CVSS5.8AI score0.00164EPSS
Exploits1References2
NVD
NVD
added 2026/01/14 4:15 p.m.7 views

CVE-2026-22211

TinyOS versions up to and including 2.1.2 contain a global buffer overflow vulnerability in the printfUART formatted output implementation used within the ZigBee / IEEE 802.15.4 networking stack. The implementation formats output into a fixed-size global buffer and concatenates strings for %s...

5.1CVSS0.00159EPSS
Exploits0References3
OSV
OSV
added 2026/01/12 11:15 p.m.7 views

CVE-2026-22213

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen function, which constructs a device path using unbounded user-controlled input. The utility...

9.8CVSS6AI score0.00362EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/12 11:3 p.m.28 views

CVE-2026-22213 RIOT OS <= 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen function, which constructs a device path using unbounded user-controlled input. The utility...

2.4CVSS0.00362EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/01/12 11:3 p.m.2 views

CVE-2026-22213 RIOT OS <= 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen function, which constructs a device path using unbounded user-controlled input. The utility...

2.4CVSS6.8AI score0.00362EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.15 views

PT-2026-2322

Name of the Vulnerable Software and Affected Versions RIOT OS versions up to and including 2026.01-devel-317 Description RIOT OS versions up to and including 2026.01-devel-317 have a stack-based buffer overflow issue in the tapslip6 utility. This is due to unsafe string concatenation within the...

9.8CVSS6.9AI score0.00362EPSS
Exploits1References8
OSV
OSV
added 2025/12/12 12:20 p.m.7 views

OESA-2025-2829 golang security update

. Security Fixes: Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a...

7.5CVSS6.7AI score0.00459EPSS
Exploits2References2
NVD
NVD
added 2025/12/12 6:15 a.m.12 views

CVE-2025-67725

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...

7.5CVSS0.00403EPSS
Exploits0References3
OSV
OSV
added 2025/12/12 6:15 a.m.9 views

AZL-72374 CVE-2025-67725 affecting package python-tornado 6.3.3-11

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...

7.5CVSS6.4AI score0.00403EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 5:49 a.m.9 views

EUVD-2025-203031

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...

7.5CVSS6.2AI score0.00403EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/11 4:50 a.m.7 views

CVE-2025-61729

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS6.8AI score0.00459EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.4 views

TencentOS Server 4: golang (TSSA-2025:0940)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0940 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

5.3CVSS7.6AI score0.00526EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/12/05 12:24 a.m.8 views

SUSE CVE-2025-61729

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS6.9AI score0.00459EPSS
Exploits2References44
OSV
OSV
added 2025/12/04 11:41 a.m.10 views

BIT-GOLANG-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS6.7AI score0.00459EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.5 views

FreeBSD : go -- excessive resource consumption (245bd19f-d035-11f0-84e9-c7a56e37e3f0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 245bd19f-d035-11f0-84e9-c7a56e37e3f0 advisory. The Go project reports: Within HostnameError.Error, when constructing an error string, there is no limi...

7.5CVSS7.6AI score0.00459EPSS
Exploits2References3
OSV
OSV
added 2025/12/02 7:15 p.m.10 views

AZL-78931 CVE-2025-61729 affecting package golang 1.25.7-1

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS6.6AI score0.00459EPSS
Exploits2References1
NVD
NVD
added 2025/12/02 7:15 p.m.12 views

CVE-2025-61729

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS0.00459EPSS
Exploits2References4
OSV
OSV
added 2025/12/02 7:15 p.m.10 views

AZL-71305 CVE-2025-61729 affecting package msft-golang 1.24.13-1

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS6.7AI score0.00459EPSS
Exploits2References1
OSV
OSV
added 2025/12/02 7:15 p.m.8 views

AZL-71255 CVE-2025-61729 affecting package golang 1.26.0-1

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS6.6AI score0.00459EPSS
Exploits2References1
OSV
OSV
added 2025/12/02 7:15 p.m.6 views

UBUNTU-CVE-2025-61729

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS6.7AI score0.00459EPSS
Exploits2References8
Rows per page
Query Builder