Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / golang

golang

207 tracked vulnerabilities.

CVE-2026-42501 HIGH

Malicious module proxy can bypass checksum database in cmd/go

CVE-2026-42499 HIGH

Quadratic string concatenation in consumePhrase in net/mail

CVE-2026-39836 HIGH

Panic in Dial and LookupPort when handling NUL byte on Windows in net

CVE-2026-39826 MEDIUM

Escaper bypass leads to XSS in html/template

CVE-2026-39825 MEDIUM

ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil

CVE-2026-39823 MEDIUM

Bypass of meta content URL escaping causes XSS in html/template

CVE-2026-39820 HIGH

Quadratic string concatentation in consumeComment in net/mail

CVE-2026-39819 MEDIUM

Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go

CVE-2026-39817 MEDIUM

Invoking "go tool pack" does not sanitize output paths in cmd/go

CVE-2026-33814 HIGH

Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

CVE-2026-33811 HIGH

Crash when handling long CNAME response in net

CVE-2026-6863 MEDIUM

HTTP Filestore Endpoints Misapply Permissions Across Organizations

CVE-2026-7573 MEDIUM

GetUserRoles API endpoint allows any authenticated user to enumerate ACL policies across all organizations

CVE-2026-7572 MEDIUM

Velociraptor EVTX Parser — Process Crash via Crafted .evtx File

CVE-2026-33813 HIGH

Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image

CVE-2026-33812 MEDIUM

Excessive memory allocation when decoding malicious SFNT in golang.org/x/image

CVE-2026-6290 HIGH

Velociraptor Query() Plugin Misapplies Permissions To Orgs

CVE-2026-33810 HIGH

Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509

CVE-2026-32289 MEDIUM

JsBraceDepth Context Tracking Bugs (XSS) in html/template

CVE-2026-32288 MEDIUM

Unbounded allocation for old GNU sparse in archive/tar

CVE-2026-32283 HIGH

Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls

CVE-2026-32282 MEDIUM

TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix

CVE-2026-32281 HIGH

Inefficient policy validation in crypto/x509

CVE-2026-32280 HIGH

Unexpected work during chain building in crypto/x509

CVE-2026-27144 HIGH

Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile

Page 1 of 9 Next

Products

go 169 velociraptor 7 crypto 6 net 6 http2 5 image 5 text 4 ssh 3 networking 2 tiff 2 glog 1 h2c 1 hpack 1 package_ssh 1 protobuf 1 vscode-go 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy