alloy-1.17.0-1.1 on GA media (moderate)

alloy-1.17.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:11053-1 Rating: moderate Cross-References: CVE-2026-25680 CVE-2026-25681 CVE-2026-33532 CVE-2026-39821 CVE-2026-39827 CVE-2026-39830 CVE-2026-39831 CVE-2026-39834 CVE-2026-44740 CVE-2026-45678 CVE-2026-45682 CVE-2026-45685...

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-110 (ALASNITRO-ENCLAVES-2026-110)

The version of docker installed on the remote host is prior to 25.0.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-110 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680...

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-129 (ALASDOCKER-2026-129)

The version of docker installed on the remote host is prior to 25.0.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-129 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing...

Security update for yq (important)

openSUSE security update: security update for yq ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20892-1 Rating: important References: bsc1241719 bsc1251339 bsc1251540 bsc1266248 bsc1267053 bsc1267199 Cross-References: CVE-2024-45338 CVE-2025-22872...

CVE-2026-25681 affecting package sriov-network-device-plugin for versions less than 3.7.0-6

CVE-2026-25681 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-25681)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-25681 advisory. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML...

CVE-2026-25681 affecting package cri-tools for versions less than 1.32.0-6

CVE-2026-25681 affecting package cri-tools for versions less than 1.32.0-6. A patched version of the package is available...

CVE-2026-25681 affecting package containerized-data-importer for versions less than 1.62.0-5

CVE-2026-25681 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...

Linux Distros Unpatched Vulnerability : CVE-2026-25681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications...

CVE-2026-25681

creationtimestamp| type| source ---|---|--- 2026-05-22 16:34:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmhegg6jw22r 2026-06-01 15:32:16+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnafjazque2y...

DEBIAN-CVE-2026-25681

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

Alibaba Cloud Linux 3 : 0009: dnsmasq (ALINUX3-SA-2021:0009)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0009 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-25681: A flaw was found in dnsmas...

CVE-2022-25681

Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

CVE-2023-25681

creationtimestamp| type| source ---|---|--- 2024-03-05 21:26:31+00:00| seen| https://t.me/ctinow/200702 2024-03-05 21:26:43+00:00| seen| https://t.me/ctinow/200711...

CVE-2023-25681

LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID...

CVE-2023-25681

IBM Spectrum Virtualize 8.5 (CVE-2023-25681) permits LDAP-authenticated users configured for MFA to access the CIM interface using only a username and password, bypassing MFA. The issue affects CIM authentication and does not apply to local MFA users or SSO-enabled remote users. Red Hat and CVE l...

NewStart CGSL MAIN 6.06 : dnsmasq Multiple Vulnerabilities (NS-SA-2023-0078)

The remote NewStart CGSL host, running version MAIN 6.06, has dnsmasq packages installed that are affected by multiple vulnerabilities: - A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. A...

Oracle Linux 7 : dnsmasq (ELSA-2023-12972)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12972 advisory. - Fixed heap-based buffer overflow in sortrrset CVE-2020-25681 Orabug: 35904921 Tenable has extracted the preceding description block directly from th...

dnsmasq security update

2.76-17.0.3.3 - Fixed heap-based buffer overflow in sortrrset CVE-2020-25681 Orabug: 35904921 - Fixed buffer overflow in extractname CVE-2020-25682 Orabug: 35904921...