Common Vulnerabilities and Exposures (CVE)

CVE-2025-61726

Jul 15, 2026 11:50:08 UTC

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can par...

CVE-2026-33186

Jul 15, 2026 11:50:01 UTC

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, ...

CVE-2026-12143

Jul 15, 2026 11:49:56 UTC

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and the `filename` option are concatenated verbatim into the `Content-Disposition` header without...

CVE-2025-69223

Jul 15, 2026 11:49:52 UTC

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that whe...

CVE-2026-34986

Jul 15, 2026 11:49:48 UTC

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0...

CVE-2026-39835

Jul 15, 2026 11:49:44 UTC

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these ca...

CVE-2026-45736

Jul 15, 2026 11:49:41 UTC

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is f...

CVE-2026-33811

Jul 15, 2026 11:49:38 UTC

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

CVE-2026-33810

Jul 15, 2026 11:49:35 UTC

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certi...

CVE-2026-32283

Jul 15, 2026 11:49:31 UTC

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS ...

CVE-2026-32280

Jul 15, 2026 11:49:28 UTC

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct user...

CVE-2026-25679

Jul 15, 2026 11:49:22 UTC

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

CVE-2026-27137

Jul 15, 2026 11:49:17 UTC

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last...

CVE-2026-39830

Jul 15, 2026 11:49:13 UTC

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connectio...

CVE-2026-42997

Jul 15, 2026 11:49:10 UTC

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides ac...