73 matches found
CVE-2026-5160 affecting package gh for versions less than 2.62.0-15
CVE-2026-5160 affecting package gh for versions less than 2.62.0-15. A patched version of the package is available...
Fedora 44 : vhs (2026-94fbf80bec)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-94fbf80bec advisory. Update vendored goldmark to 1.7.17 to resolve CVE-2026-5160. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Fedora 44 : gum (2026-10cf6ce616)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-10cf6ce616 advisory. Update vendored goldmark to 1.7.17 to resolve CVE-2026-5160. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting (XSS) due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check (IsDangerousURL) before resolving HTML entities. This allows an attacker to bypass protocol filtering by encoding dangerous schemes using HTML5 named character references. For example, a payload such as javascript:alert(1) is not recognized as dangerous during validation, leading to arbitrary script execution in the context of applications that render the URL.
CVE-2026-5160
creationtimestamp | type | source
---|---|---
2026-04-15 08:22:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjjhpqp6t72m
2026-04-23 14:15:11+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mk675fasgt2h...
DEBIAN-CVE-2026-5160
Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting (XSS) due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check (IsDangerousURL) before resolving HTML entities...
CVE-2026-5160
Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting (XSS) due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check (IsDangerousURL) before resolving HTML entities...
CVE-2026-5160
Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting (XSS) due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check (IsDangerousURL) before resolving HTML entities...
MiracleLinux 7 : libvirt-2.0.0-10.el7 (AXSA:2016-880:04)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-880:04 advisory. Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the...
CVE-2025-5160
creationtimestamp | type | source
---|---|---
2025-05-26 00:46:43+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/17520
2025-05-26 03:35:57+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lq2ampem2t2s...
CVE-2025-5160 H3C SecCenter SMP-E1114P02 download path traversal
A vulnerability classified as problematic has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected is the function Download of the file /packetCaptureStrategy/download. The manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The...
CVE-2025-5160
CVE-2025-5160 (H3C SecCenter SMP-E1114P02) affects the Download function at /packetCaptureStrategy/download. The vulnerability arises from manipulation of the Name argument, causing path traversal. It is exploitable remotely, and public exploits have been disclosed. Multiple sources confirm the a...
CVE-2013-5160
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference...
CVE-2019-5160
An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.0214, 03.01.0713, and 03.00.3912. A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized...
Linux Distros Unpatched Vulnerability : CVE-2024-5160
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2015-5160
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive...
CVE-2006-5160
creationtimestamp | type | source
---|---|---
2025-01-17 14:57:03+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/2147...
Microsoft Edge (Chromium) < 125.0.2535.67 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 125.0.2535.67. It is, therefore, affected by multiple vulnerabilities as referenced in the May 16, 2024 advisory. - Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to...
electron29 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-5499. Security: backported fix for CVE-2024-5493. Security: backported fix for CVE-2024-5494. Security: backported fix for CVE-2024-5495. Security: backported fix for CVE-2024-5496...
Fedora: Security Advisory (FEDORA-2024-87bb7ffab1)
The remote host is missing an update for the...