Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
go vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv3
CVE-2024-23332
The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide ou...
Notaryproject Notation-go
9.8
CVSSv3
CVE-2024-22419
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't pro...
Vyperlang Vyper
9.8
CVSSv3
CVE-2024-22916
In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is susceptible to stack overflow.
Dlink Go-rt-ac750 Firmware 101b03
7.5
CVSSv3
CVE-2023-49568
A denial of service (DoS) vulnerability exists in go-git versions prior to v5.11. This vulnerability allows an malicious user to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Appl...
Go-git Project Go-git
9.8
CVSSv3
CVE-2023-49569
A path traversal vulnerability exists in go-git versions prior to v5.11. This vulnerability allows an malicious user to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are us...
Go-git Project Go-git
1 Github repository
6.5
CVSSv3
CVE-2023-49295
quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame...
Quic-go Project Quic-go
Quic-go Project Quic-go 0.40.0
6.5
CVSSv3
CVE-2023-5455
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an malicious user to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and syst...
Freeipa Freeipa
Freeipa Freeipa 4.11.0
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Fedoraproject Fedora 40
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux For Scientific Computing 7.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux For Power Little Endian 7.0
Redhat Enterprise Linux For Power Big Endian 7.0
Redhat Enterprise Linux For Ibm Z Systems 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.2
Redhat Enterprise Linux For Power Little Endian 8.0
Redhat Enterprise Linux For Ibm Z Systems 8.0
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.2
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.4
4.9
CVSSv3
CVE-2020-26630
A Time-Based SQL Injection vulnerability exists in Hospital Management System V4.0 which can allow an malicious user to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an ad...
Phpgurukul Hospital Management System 4.0
7.5
CVSSv3
CVE-2024-21664
jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability ...
Lestrrat-go Jwx
6.1
CVSSv3
CVE-2023-6627
The WP Go Maps (formerly WP Google Maps) WordPress plugin prior to 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site.
Codecabin Wp Go Maps
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »