Lucene search
K

187 matches found

EUVD
EUVD
added 2026/06/25 10:14 p.m.11 views

EUVD-2026-31388

golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 7:16 a.m.8 views

CVE-2026-9616

The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.0024EPSS
Exploits0References7
CVE
CVE
added 2026/06/24 5:33 a.m.25 views

CVE-2026-9616

The CVE concerns the WordPress plugin Generate Security.txt (

4.3CVSS5.8AI score0.0024EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.34 views

CVE-2026-9616 Generate Security.txt <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Security.txt Deletion via delete_securitytxt AJAX Action

The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.0024EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/24 5:33 a.m.9 views

EUVD-2026-38675

The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.0024EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51697

Name of the Vulnerable Software and Affected Versions Generate Security.txt plugin for WordPress versions prior to 1.0.13 Description The plugin fails to properly verify user authorization for specific actions. This allows authenticated attackers with subscriber-level access or higher to delete t...

4.3CVSS5.8AI score0.0024EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2026/06/15 8:56 p.m.24 views

Nuxt: Dev server discloses project absolute path and persistent workspace UUID via `/.well-known/appspecific/com.chrome.devtools.json`

Summary When running nuxt dev, Nuxt registers an unauthenticated route at /.well-known/appspecific/com.chrome.devtools.json that returns the absolute filesystem path of the project root and a per-project UUID persisted to nodemodules/.cache/nuxt/chrome-workspace.json. The route is enabled by...

5.5AI score
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.12 views

CVE-2026-41642

A flaw was found in GoBGP 4.3.0. A malformed BGP UPDATE with an unrecognized Path Attribute marked as well-known is not rejected cleanly, triggering a nil pointer dereference that crashes the GoBGP daemon. Fixed in GoBGP 4.4.0. Mitigation Upgrade to GoBGP 4.4.0 or later...

7.5CVSS5.9AI score0.00503EPSS
Exploits1References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Firefox

Search queries in the default search engine might appear to be the currently navigated URL, provided that the search query itself is a properly formed URL. This could lead to a site spoofing another site, if it was maliciously set as the default search engine. This vulnerability affects Firefox...

3.1CVSS6.1AI score0.00382EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/08 2:22 a.m.7 views

SUSE CVE-2026-41642

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...

7.5CVSS5.8AI score0.00503EPSS
Exploits1References3
OSV
OSV
added 2026/05/07 12:16 p.m.9 views

DEBIAN-CVE-2026-41642

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...

7.5CVSS5.8AI score0.00503EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/07 11:50 a.m.6 views

CVE-2026-41642 GoBGP: Remote Denial of Service (Panic) via Malformed Well-known Path Attribute

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...

7.5CVSS5.8AI score0.00503EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/05/07 11:50 a.m.7 views

CVE-2026-41642

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...

7.5CVSS5.8AI score0.00503EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/04/29 8:43 p.m.13 views

GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute

Summary A remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This results in an illegal memory...

7.5CVSS5.7AI score0.00503EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/04/29 8:43 p.m.5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the recvMessageloop process. An attacker can cause the daemon to crash by sending a specially crafted BGP UPDATE message containing an unrecognized Path Attribute marked as "Well-known," which leads to a nil...

8.7CVSS5.8AI score0.00503EPSS
Exploits1References2
OSV
OSV
added 2026/04/29 8:43 p.m.10 views

GHSA-7235-89M6-F4PX GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute

Summary A remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This results in an illegal memory...

7.5CVSS5.9AI score0.00503EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.11 views

PT-2026-37135

Name of the Vulnerable Software and Affected Versions GoBGP versions prior to 4.4.0 Description A remote Denial of Service DoS issue exists due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to...

7.5CVSS5.8AI score0.00503EPSS
Exploits1References5
Snyk
Snyk
added 2026/04/22 8:19 p.m.7 views

XML Injection

Overview org.webjars.npm:xmldom is an A pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to XML Injection in the serialization of DocumentType nodes when attacker-controlled values are provided to the...

8.7CVSS5.8AI score0.00457EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 8:17 p.m.7 views

XML Injection

Overview @xmldom/xmldom is a javascript ponyfill to provide the following APIs that are present in modern browsers to other runtimes. Since version 0.7.0 this package is published to npm as @xmldom/xmldom and no longer as xmldom Affected versions of this package are vulnerable to XML Injection vi...

8.7CVSS5.7AI score0.00408EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 8:17 p.m.11 views

XML Injection

Overview xmldom is an A pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to XML Injection via the createProcessingInstruction function. An attacker can inject arbitrary XML nodes into the serialized output...

8.7CVSS5.7AI score0.00408EPSS
Exploits0References2
Rows per page
Query Builder