Search Results (363426 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2584 1 Protocol 1 Go-codec-dagpb 2025-04-11 7.5 High
The dag-pb codec can panic when decoding invalid blocks.
CVE-2022-2583 1 Gobase Project 1 Gobase 2025-04-11 3.7 Low
A race condition can cause incorrect HTTP request routing.
CVE-2022-2582 1 Amazon 1 Aws Software Development Kit 2025-04-11 4.3 Medium
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.
CVE-2021-4238 2 Goutils Project, Redhat 5 Goutils, Openshift, Openshift Data Foundation and 2 more 2025-04-11 9.1 Critical
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.
CVE-2021-4236 1 Web Project 1 Web 2025-04-11 9.8 Critical
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.
CVE-2021-4235 2 Redhat, Yaml Project 3 Openshift, Openshift Data Foundation, Yaml 2025-04-11 5.5 Medium
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
CVE-2020-36567 2 Gin-gonic, Redhat 3 Gin, Migration Toolkit Applications, Rhmt 2025-04-11 7.5 High
Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.
CVE-2020-36566 1 Tar-utils Project 1 Tar-utils 2025-04-11 9.1 Critical
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
CVE-2020-36564 1 Nosurf Project 1 Nosurf 2025-04-11 7.5 High
Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.
CVE-2020-36563 1 Robotsandpencils 1 Go-saml 2025-04-11 5.3 Medium
XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.
CVE-2020-36562 1 Dht Project 1 Dht 2025-04-11 7.5 High
Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector.
CVE-2020-36561 1 Unzip Project 1 Unzip 2025-04-11 9.1 Critical
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
CVE-2020-36560 1 Go-unzip Project 1 Go-unzip 2025-04-11 9.1 Critical
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
CVE-2020-36559 1 Aahframework 1 Aah 2025-04-11 7.5 High
Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.
CVE-2019-25072 1 Tendermint 1 Tendermint 2025-04-11 7.5 High
Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.
CVE-2016-15005 1 Golf Project 1 Golf 2025-04-11 8.8 High
CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.
CVE-2024-55070 1 Mealie 1 Mealie 2025-04-11 3.1 Low
A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions.
CVE-2025-2831 1 Mingyuefusu 1 Library Management System 2025-04-11 6.3 Medium
A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1&limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-27294 1 Danielparks 1 Dp-golang 2025-04-11 7.3 High
dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive, go1.4-bootstrap-20170518.tar.gz, or go1.4-bootstrap-20170531.tar.gz. The user and group specified in Puppet code were ignored for files within the archive. dp-puppet version 1.2.7 will recreate installations if the owner or group of any file or directory within that installation does not match the requested owner or group
CVE-2018-25049 1 Email-existence Project 1 Email-existence 2025-04-11 3 Low
A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The name of the patch is 0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56. It is recommended to apply a patch to fix this issue. VDB-216854 is the identifier assigned to this vulnerability.