Astra Linux - vulnerability in golang-1.19
Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, as well as servers that have Config.ClientAuth set to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default...
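The real fix is a patched Go toolchain. As an added defence-in-depth example (not code from Go or from the Astra Linux advisory), the block below shows how a Go TLS server can keep client-chain verification in its own VerifyPeerCertificate callback and convert a panic inside the verifier into a handshake error for that one connection, instead of letting it terminate the process. With ClientAuth set to RequireAnyClientCert, crypto/tls does not call Certificate.Verify itself, which is what makes the wrapper effective. The function names, the throwaway CA and leaf fixtures and the use of ECDSA P-256 are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// safeVerify calls leaf.Verify and turns a panic inside the verifier into an
// ordinary error, so one hostile chain cannot take down the whole process.
func safeVerify(leaf *x509.Certificate, opts x509.VerifyOptions) (chains [][]*x509.Certificate, err error) {
	defer func() {
		if r := recover(); r != nil {
			chains, err = nil, fmt.Errorf("certificate verification panicked: %v", r)
		}
	}()
	return leaf.Verify(opts)
}

// verifyClientChain is the body of a VerifyPeerCertificate callback: rawCerts
// is the chain the client sent (leaf first), roots is the CA pool we trust.
func verifyClientChain(rawCerts [][]byte, roots *x509.CertPool) error {
	if len(rawCerts) == 0 {
		return fmt.Errorf("no client certificate presented")
	}
	leaf, err := x509.ParseCertificate(rawCerts[0])
	if err != nil {
		return fmt.Errorf("parse leaf: %w", err)
	}
	intermediates := x509.NewCertPool()
	for _, raw := range rawCerts[1:] {
		c, err := x509.ParseCertificate(raw)
		if err != nil {
			return fmt.Errorf("parse intermediate: %w", err)
		}
		intermediates.AddCert(c)
	}
	_, err = safeVerify(leaf, x509.VerifyOptions{
		Roots:         roots,
		Intermediates: intermediates,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// serverTLSConfig requests a client certificate but keeps verification in our
// callback: with RequireAnyClientCert, crypto/tls does not call Verify itself.
func serverTLSConfig(roots *x509.CertPool, serverCert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		ClientAuth:   tls.RequireAnyClientCert,
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			return verifyClientChain(rawCerts, roots)
		},
	}
}

// issue signs tmpl with the parent's key and parses the result.
func issue(tmpl, parent *x509.Certificate, pub, priv any) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// makeCAAndLeaf builds a throwaway ECDSA P-256 CA and a client-auth leaf
// signed by it (constructed fixtures for the demonstration).
func makeCAAndLeaf() (ca, leaf *x509.Certificate, err error) {
	caKey, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err1 != nil || err2 != nil {
		return nil, nil, fmt.Errorf("key generation failed: %v %v", err1, err2)
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Client CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	if ca, err = issue(caTmpl, caTmpl, &caKey.PublicKey, caKey); err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "client-1"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	leaf, err = issue(leafTmpl, ca, &leafKey.PublicKey, caKey)
	return ca, leaf, err
}
```

Calling makeCAAndLeaf, adding the CA to a pool and running verifyClientChain([][]byte{leaf.Raw}, pool) returns nil; the same leaf against an empty pool returns an error; safeVerify(nil, ...) returns an error rather than crashing, which stands in for the unknown-algorithm panic that cannot be reproduced on a patched toolchain. Note that net/http already recovers panics per connection; a server built directly on crypto/tls does not, which is where the wrapper matters.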
Astra Linux - vulnerability in golang-1.19
The ParseAddressList function improperly handles comments text within parentheses within display names. Since this contradicts conforming address parsers, it can lead to different trust decisions being made by programs that use different parsers...
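The security point here is parser disagreement: two programs that parse the same header differently can make different trust decisions. One practical answer is to refuse the ambiguous construct before any decision is made. The block below is an added example written for this page, not code from Go's net/mail or from the advisory; it wraps mail.ParseAddress and mail.ParseAddressList with a pre-check that rejects any comment (a parenthesis outside a quoted-string), so only inputs every conforming parser reads the same way get through. The function names and the sample addresses are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/mail"
)

// hasUnquotedComment reports whether s contains a '(' outside a quoted-string.
// RFC 5322 allows such comments, but parsers disagree about where the comment
// text belongs, so the caller refuses the construct rather than guessing.
func hasUnquotedComment(s string) bool {
	inQuote, escaped := false, false
	for _, r := range s {
		switch {
		case escaped:
			escaped = false
		case r == '\\' && inQuote:
			escaped = true
		case r == '"':
			inQuote = !inQuote
		case r == '(' && !inQuote:
			return true
		}
	}
	return false
}

// strictParseAddress parses one mailbox but rejects inputs whose meaning
// depends on comment handling. Parentheses inside a quoted display name are
// ordinary characters and are still accepted.
func strictParseAddress(s string) (*mail.Address, error) {
	if hasUnquotedComment(s) {
		return nil, errors.New("address contains a comment; rejected as ambiguous")
	}
	return mail.ParseAddress(s)
}

// strictParseAddressList applies the same policy to a comma-separated list.
// One ambiguous entry fails the whole list, so nothing slips through unchecked.
func strictParseAddressList(list string) ([]*mail.Address, error) {
	if hasUnquotedComment(list) {
		return nil, errors.New("address list contains a comment; rejected as ambiguous")
	}
	return mail.ParseAddressList(list)
}

func main() {
	// Constructed sample headers.
	for _, in := range []string{
		`"Alice Example" <alice@example.com>`,
		`Bob (Accounts) <bob@example.com>`,
		`"Carol (not a comment)" <carol@example.com>`,
	} {
		a, err := strictParseAddress(in)
		fmt.Printf("%-45s -> %v %v\n", in, a, err)
	}
}
```

The check runs before the parser, so its outcome does not depend on which Go release (or which other parser downstream) handles the comment; if the application must accept comments, the alternative is to canonicalise once and pass only the extracted addr-spec to every consumer.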
Astra Linux - vulnerability in golang-golang-x-net, golang-1.19
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
Astra Linux - vulnerability in golang-1.19
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...
UBUNTU-CVE-2026-30892
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...
CVE-2026-30892 Crun incorrectly parses `crun exec` option `-u`, leading to privilege escalation
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...
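The bug class is a user-spec parser that turns a valid numeric value into UID 0. As an added illustration (not crun's code, which is C, and not a reproduction of the actual defect), the block below parses the "uid" and "uid:gid" forms the way the advisory says they should be read: "1" means UID 1 with GID defaulting to 0, and anything that is not a clean 32-bit decimal number is an error rather than a silent fallback to root. Resolving user names through the container's /etc/passwd is deliberately left out; the function name and test inputs are this example's own.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// parseUserSpec parses the "uid" or "uid:gid" form of an exec --user value.
// A missing gid defaults to 0, which is the behaviour the advisory expects for
// the value "1" (UID 1, GID 0). Only numeric IDs are handled; resolving names
// through the container's /etc/passwd is out of scope for this example.
func parseUserSpec(spec string) (uid, gid uint32, err error) {
	uidPart, gidPart, hasGID := strings.Cut(spec, ":")
	if uidPart == "" {
		return 0, 0, fmt.Errorf("user spec %q: empty uid", spec)
	}
	// ParseUint rejects signs, whitespace and values that do not fit in 32 bits,
	// so a spec can never silently wrap or fall back to 0.
	u, err := strconv.ParseUint(uidPart, 10, 32)
	if err != nil {
		return 0, 0, fmt.Errorf("user spec %q: bad uid: %w", spec, err)
	}
	if !hasGID {
		return uint32(u), 0, nil
	}
	if gidPart == "" {
		return 0, 0, fmt.Errorf("user spec %q: empty gid after ':'", spec)
	}
	g, err := strconv.ParseUint(gidPart, 10, 32)
	if err != nil {
		return 0, 0, fmt.Errorf("user spec %q: bad gid: %w", spec, err)
	}
	return uint32(u), uint32(g), nil
}

func main() {
	for _, spec := range []string{"1", "1000:1000", "0", "", "1:", "1:2:3", "-1", "4294967296"} {
		uid, gid, err := parseUserSpec(spec)
		fmt.Printf("%-12q -> uid=%d gid=%d err=%v\n", spec, uid, gid, err)
	}
}
```

Whatever runtime is in use, the check a practitioner wants after patching is behavioural: run a process with `-u 1` and confirm from inside the container (for example with `id`) that it reports uid 1 and not uid 0.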
Linux Distros Unpatched Vulnerability : CVE-2025-61731
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Building a malicious file with cmd/go can cause a write to an attacker-controlled file with partial control of the file content. The cgo pkg-config:...
CVE-2026-22788
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies,...
CVE-2026-22789 WebErpMesv2 has a File Upload Validation Bypass Leading to RCE
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass vulnerability in multiple controllers that allows authenticated users to upload arbitrary files, including PHP scripts, leading to Remote...
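Upload validation bypasses of this kind usually come down to trusting the client-supplied name or a single check that can be satisfied by a renamed script. WebErpMesv2 is a PHP application, so the block below is not its code; it is an added Go example of the checks a reviewer would expect in any upload handler: an extension allowlist (deny by default), exactly one extension so stacked names like shell.php.png are refused, no path components, content sniffing that must agree with the extension, and a server-chosen storage name. The allowlist, function names and the constructed PNG/PHP sample bytes are assumptions of the example.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
	"path"
	"strings"
)

// allowedTypes maps the only permitted extensions to the media type the bytes
// must sniff as. Anything not listed is rejected: deny by default.
var allowedTypes = map[string]string{
	".png":  "image/png",
	".jpg":  "image/jpeg",
	".jpeg": "image/jpeg",
	".pdf":  "application/pdf",
}

// validateUpload checks the client-supplied filename against the first bytes
// of the content (512 bytes are enough for http.DetectContentType). It rejects
// path components, unknown or stacked extensions, and any mismatch between
// what the extension claims and what the bytes look like.
func validateUpload(filename string, head []byte) error {
	base := path.Base(strings.ReplaceAll(filename, `\`, "/"))
	if base != filename || base == "." || base == "/" {
		return errors.New("filename must not contain path components")
	}
	if strings.Count(base, ".") != 1 || strings.HasPrefix(base, ".") {
		return errors.New("filename must be name.ext with exactly one extension")
	}
	ext := strings.ToLower(path.Ext(base))
	want, ok := allowedTypes[ext]
	if !ok {
		return fmt.Errorf("extension %q not in allowlist", ext)
	}
	got := http.DetectContentType(head)
	if !strings.HasPrefix(got, want) {
		return fmt.Errorf("content sniffed as %q, expected %q for %s", got, want, ext)
	}
	return nil
}

// storedName returns a server-chosen random name with the validated extension,
// so the client never controls where or under what name the file lands.
func storedName(ext string) (string, error) {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		return "", err
	}
	return hex.EncodeToString(b[:]) + ext, nil
}

func main() {
	png := append([]byte("\x89PNG\r\n\x1a\n"), make([]byte, 16)...) // constructed PNG header
	php := []byte("<?php system($_GET['c']); ?>")                     // constructed web shell body
	for _, c := range []struct {
		name string
		head []byte
	}{{"photo.png", png}, {"shell.php", php}, {"shell.php.png", png}, {"photo.png", php}, {"../photo.png", png}} {
		fmt.Printf("%-16s %v\n", c.name, validateUpload(c.name, c.head))
	}
}
```

Sniffing is a consistency check, not proof of safety: a polyglot file can carry a valid image header and still be executed if the web server is ever allowed to run files from the upload directory, so the storage location must also be outside any script-executing path.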
EUVD-2026-1999
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies,...
CVE-2026-22788 WebErpMesv2 allows unauthenticated API Access
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies,...
CVE-2026-22788
WebErpMesv2 (Resource Management/MES Web) before version 1.19 exposes multiple sensitive API endpoints without authentication. An unauthenticated remote attacker can read business-critical data (companies, quotes, orders, tasks, whiteboards) and have limited write access to create company records...
WebErpMesv2 Access Control Error Vulnerability
WebErpMesv2 is an industry-oriented web system for resource management and manufacturing by Kevin Personal Developer. An Access Control Error vulnerability exists in WebErpMesv2 versions prior to 1.19 that stems from multiple sensitive API endpoints that do not utilize authentication middleware,...
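The entries above (CVE-2026-22788 and its EUVD and CNNVD records) all describe the same root cause: API routes registered without the authentication middleware. WebErpMesv2 is a PHP application, so what follows is not its code; it is an added Go illustration of the deny-by-default pattern that prevents the class: every /api/ route goes through one registration point that applies the auth middleware, unauthenticated routes can only be created through an explicit, audited exception, and a function lists those exceptions so a test can fail when the list grows. The route paths echo the data types the advisory names; the bearer token constant and the handlers are constructed for the example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sort"
	"strings"
)

// apiToken stands in for the application's real session or token check
// (constructed value for this demonstration only).
const apiToken = "example-token-do-not-use"

// requireAuth refuses any request that does not carry the expected bearer token.
func requireAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		const prefix = "Bearer "
		h := r.Header.Get("Authorization")
		if !strings.HasPrefix(h, prefix) ||
			subtle.ConstantTimeCompare([]byte(strings.TrimPrefix(h, prefix)), []byte(apiToken)) != 1 {
			w.Header().Set("WWW-Authenticate", `Bearer realm="api"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// apiRouter is the single registration point for /api/ routes. protected()
// always applies requireAuth; public() is the explicit, audited exception.
type apiRouter struct {
	mux    *http.ServeMux
	routes map[string]bool // pattern -> authenticated?
}

func newAPIRouter() *apiRouter {
	return &apiRouter{mux: http.NewServeMux(), routes: map[string]bool{}}
}

func (a *apiRouter) protected(pattern string, h http.HandlerFunc) {
	a.routes[pattern] = true
	a.mux.Handle(pattern, requireAuth(h))
}

func (a *apiRouter) public(pattern string, h http.HandlerFunc) {
	a.routes[pattern] = false
	a.mux.Handle(pattern, h)
}

// unprotectedRoutes lists every route reachable without authentication, so a
// test in CI can fail when the list grows unexpectedly.
func (a *apiRouter) unprotectedRoutes() []string {
	var out []string
	for p, authed := range a.routes {
		if !authed {
			out = append(out, p)
		}
	}
	sort.Strings(out)
	return out
}

// buildAPI wires up a few endpoints of the kind the advisory names (sample data).
func buildAPI() *apiRouter {
	a := newAPIRouter()
	a.public("/api/health", func(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "ok") })
	a.protected("/api/companies", func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprintln(w, `[{"id":1,"name":"Example Co"}]`)
	})
	a.protected("/api/quotes", func(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "[]") })
	return a
}

// status sends an in-memory request and returns the HTTP status code.
func status(a *apiRouter, urlPath, token string) int {
	req := httptest.NewRequest(http.MethodGet, urlPath, nil)
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	a.mux.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	a := buildAPI()
	fmt.Println("no token  /api/companies ->", status(a, "/api/companies", ""))
	fmt.Println("bad token /api/companies ->", status(a, "/api/companies", "guess"))
	fmt.Println("token     /api/companies ->", status(a, "/api/companies", apiToken))
	fmt.Println("unauthenticated routes:", a.unprotectedRoutes())
}
```

The same idea carries over to a framework with route groups: put every API route inside the authenticated group and keep a test that enumerates the route table and asserts the unauthenticated set is exactly the intended one.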
EUVD-2017-11406
Malware in sbrugna...
PT-2025-42740
Name of the Vulnerable Software and Affected Versions: golang versions 1.15, golang versions 1.19. Description: The software exhibits quadratic complexity when checking name constraints in X.509 certificate validation. This can lead to performance issues during certificate verification. Recommendatio...
PT-2025-42743
Name of the Vulnerable Software and Affected Versions: golang versions 1.15, golang versions 1.19. Description: The software experiences quadratic complexity during the parsing of certain invalid inputs when handling PEM encoded data. This can lead to performance issues. Recommendations: Update to a...
UBUNTU-CVE-2024-52596
SimpleSAMLphp xml-common provides common classes for handling XML structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...
CVE-2024-9219
The WordPress Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.19. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress plugin WordPress Social Share Buttons Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
PT-2024-39498 · WordPress · Wordpress Social Share Buttons
Name of the Vulnerable Software and Affected Versions: WordPress Social Share Buttons plugin versions up to, and including, 1.19. Description: The WordPress Social Share Buttons plugin is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on t...