|
3631
|
5.3 |
MEDIUM
Network
|
golang
|
crypto
|
SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-39835
|
2026-05-28 23:56 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3632
|
9.1 |
CRITICAL
Network
|
golang
|
crypto
|
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.
|
CWE-295
Improper Certificate Validation
|
CVE-2026-42508
|
2026-05-28 23:47 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3633
|
10.0 |
CRITICAL
Network
|
golang
|
crypto
|
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would…
|
CWE-863
Incorrect Authorization
|
CVE-2026-46595
|
2026-05-28 23:44 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3634
|
7.5 |
HIGH
Network
|
golang
|
crypto
|
An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2026-46597
|
2026-05-28 23:44 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3635
|
5.3 |
MEDIUM
Network
|
golang
|
crypto
|
For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used.
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-46598
|
2026-05-28 23:34 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3636
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of t…
|
CWE-401
CWE-404
Missing Release of Memory after Effective Lifetime
Improper Resource Shutdown or Release
|
CVE-2026-9572
|
2026-05-28 23:32 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3637
|
5.3 |
MEDIUM
Network
|
rexxars
|
eventsource-encoder
|
eventsource-encoder encodes events as well-formed EventSource/Server Sent Event (SSE) messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage b…
|
CWE-93
CWE-113
CRLF Injection
HTTP Response Splitting
|
CVE-2026-44214
|
2026-05-28 23:30 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3638
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer ove…
|
CWE-119
CWE-122
Incorrect Access of Indexable Resource ('Range Error')
Heap-based Buffer Overflow
|
CVE-2026-9605
|
2026-05-28 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3639
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can …
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-9581
|
2026-05-28 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3640
|
7.5 |
HIGH
Network
|
archive\
|
\
|
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header.
_read_tar() reads each entry's payload with $handle->read($$data, $block), …
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-9538
|
2026-05-28 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
