Lucene search
K

63 matches found

OSV
OSV
added 2026/06/08 1:46 p.m.2 views

CLEANSTART-2026-EA72772 Security fixes for CVE-2024-7598, CVE-2025-13281, CVE-2025-1767, CVE-2025-47911, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61731, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, ghsa-4x4m-3c2p-qppc, ghsa-r6j8-c6r2-37rr applied in versions: 2.12.6-r0, 2.12.6-r1

Multiple security vulnerabilities affect the ip-masq-agent package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.8AI score0.01945EPSS
Exploits4References45
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.12 views

Amazon Linux 2 : rclone, --advisory ALAS2-2026-3309 (ALAS-2026-3309)

The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3309 advisory. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag...

7.5CVSS7.4AI score0.00813EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.11 views

Amazon Linux 2 : cri-tools, --advisory ALAS2-2026-3310 (ALAS-2026-3310)

The version of cri-tools installed on the remote host is prior to 1.32.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3310 advisory. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta...

7.5CVSS5.9AI score0.00813EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.9 views

Amazon Linux 2023 : compat-golang-github-cpuguy83-md2man-2-devel, golang-github-cpuguy83-md2man, golang-github-cpuguy83-md2man-devel (ALAS2023-2026-1749)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1749 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 Within HostnameError.Error, when constructing ...

7.5CVSS7.2AI score0.01945EPSS
Exploits3References34
Amazon
Amazon
added 2026/05/26 12:0 a.m.19 views

Important: cri-tools

Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...

7.5CVSS7.2AI score0.00813EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:34 p.m.15 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to cross-site-scripting in golang Go html/template [CVE-2026-27142]

Summary IBM Watson Speech Services Cartridge is vulnerable to cross-site-scripting in golang Go html/template, due to a flaw which disables escaping of URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0 CVE-2026-27142. Golang Go html/template i...

6.1CVSS7.1AI score0.00328EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/21 8:14 a.m.16 views

CLEANSTART-2026-QL45485 Security fixes for CVE-2025-14847, CVE-2025-58181, CVE-2025-61727, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499 applied in versions: 7.0.30-r0, 7.0.30-r1, 7.0.31-r0, 7.0.32-r0, 8.2.1-r1

Multiple security vulnerabilities affect the mongodb package. These issues are resolved in later releases. See references for individual vulnerability details...

8.8CVSS7.3AI score0.83007EPSS
Exploits39References41
OSV
OSV
added 2026/05/18 1:49 p.m.7 views

CLEANSTART-2026-MW24969 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-39883, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 1.28.1-r0, 1.28.1-r1, 1.28.1-r2

Multiple security vulnerabilities affect the cass-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7AI score0.01557EPSS
Exploits3References31
OSV
OSV
added 2026/05/18 1:38 p.m.13 views

CLEANSTART-2026-GN78570 Security fixes for CVE-2025-11579, CVE-2026-1229, CVE-2026-21726, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32281, CVE-2026-32282, CVE-2026-33186, CVE-2026-33762, CVE-2026-33810, CVE-2026-34040, CVE-2026-34165, CVE-2026-34986, CVE-2026-39882, CVE-2026-39883, CVE-2026-41506, ghsa-3xc5-wrhm-f963, ghsa-497x-rrr9-68jp, ghsa-6g7g-w4f8-9c9x, ghsa-78h2-9frx-2jm8, ghsa-9h8m-3fm2-qjrq, ghsa-fw7p-63qq-7hpr, ghsa-gm2x-2g9h-ccm8, ghsa-jhf3-xxhw-2wpp, ghsa-jqcq-xjh3-6g23, ghsa-p77j-4mvh-x3m3, ghsa-q9hv-hpm4-hj6x, ghsa-rwvp-r38j-9rgg, ghsa-w8rr-5gcm-pp58, ghsa-x6gf-mpr2-68h6, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.12.1-r2, 1.15.0-r0, 1.15.0-r1, 1.15.0-r2, 1.16.0-r0

Multiple security vulnerabilities affect the grafana-alloy-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.8CVSS6.7AI score0.08123EPSS
Exploits4References52
OSV
OSV
added 2026/05/18 1:0 p.m.21 views

CLEANSTART-2026-AQ65185 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32285, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-34986, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-39882, CVE-2026-42499, CVE-2026-42501, CVE-2026-44740, CVE-2026-45022, CVE-2026-4660, ghsa-389r-gv7p-r3rp, ghsa-3xc5-wrhm-f963, ghsa-6g7g-w4f8-9c9x, ghsa-78h2-9frx-2jm8, ghsa-92mm-2pjq-r785, ghsa-9h8m-3fm2-qjrq, ghsa-fw7p-63qq-7hpr, ghsa-q9hv-hpm4-hj6x, ghsa-w8rr-5gcm-pp58, ghsa-xmrv-pmrh-hhx2 applied in versions: 0.93.13-r1, 0.96.1-r0, 0.96.1-r1, 0.96.1-r2, 0.96.1-r3, 0.96.1-r4, 0.96.1-r5, 0.96.1-r6

Multiple security vulnerabilities affect the terragrunt-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.8CVSS6.8AI score0.01557EPSS
Exploits6References81
NVD
NVD
added 2026/05/07 8:16 p.m.16 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS0.00314EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/07 7:41 p.m.15 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS7.3AI score0.00328EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/07 7:41 p.m.39 views

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

0.00314EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/07 7:21 p.m.15 views

Cross-site Scripting (XSS)

Overview std/html/template is a Go standard library package std/html/template Affected versions of this package are vulnerable to Cross-site Scripting XSS. Go Vulnerability Report: CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the UR...

6.1CVSS7AI score0.00328EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.5 views

SUSE SLES16 Security Update : go1.25 (SUSE-SU-2026:21200-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21200-1 advisory. Update to go1.25.8 bsc1244485: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27139: o...

7.5CVSS5.9AI score0.00728EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.5 views

openSUSE 16 Security Update : go1.25 (openSUSE-SU-2026:20496-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20496-1 advisory. Update to go1.25.8 bsc1244485: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27139: os: FileInfo ca...

7.5CVSS7.5AI score0.00728EPSS
Exploits0References10
OSV
OSV
added 2026/04/14 3:41 p.m.7 views

SUSE-SU-2026:21195-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 bsc1255111, jscSLE-18320: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. - CVE-2026-27138:...

7.5CVSS6AI score0.00728EPSS
Exploits0References12
OSV
OSV
added 2026/04/14 3:36 p.m.3 views

OPENSUSE-SU-2026:20537-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 bsc1255111, jscSLE-18320: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. - CVE-2026-27138:...

7.5CVSS6AI score0.00728EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.7 views

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2DOCKER-2026-110 (ALASDOCKER-2026-110)

The version of oci-add-hooks installed on the remote host is prior to 0-0.8.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-110 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.8 views

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2DOCKER-2026-109 (ALASDOCKER-2026-109)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.12.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-109 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
Rows per page
Query Builder