Lucene search
K

57 matches found

RedHat Linux
RedHat Linux
added yesterday5 views

golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

A flaw was found in golang.org/x/net/html. When arbitrary HTML is parsed and then rendered, it can result in an unexpected HTML tree. This allows an attacker to bypass HTML sanitization mechanisms, leading to Cross-Site Scripting XSS attacks in applications. Such attacks can result in information...

6.1CVSS6.2AI score0.00178EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added yesterday6 views

golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

A flaw was found in golang.org/x/net/html. A remote attacker could exploit this vulnerability by providing specially crafted HTML. When this arbitrary HTML is parsed and rendered, it can result in an unexpected HTML tree, bypassing input sanitization. This can be leveraged to execute Cross-Site...

6.1CVSS6.6AI score0.00178EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 3:16 p.m.5 views

UBUNTU-CVE-2026-57434

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This caused a NULL pointer dereference that could...

7.5CVSS5.8AI score0.00357EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 3:16 p.m.3 views

UBUNTU-CVE-2026-57436

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage...

6.3CVSS5.7AI score0.00312EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/25 2:33 p.m.6 views

CVE-2026-57436

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage...

6.3CVSS5.8AI score0.00312EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/25 2:32 p.m.6 views

CVE-2026-57434

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This caused a NULL pointer dereference that could...

7.5CVSS5.9AI score0.00357EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/25 2:31 p.m.6 views

CVE-2026-57235

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then...

8.2CVSS5.9AI score0.00331EPSS
Exploits0
CVE
CVE
added 2026/05/22 3:1 p.m.96 views

CVE-2026-42502

Summary of CVE-2026-42502 : The vulnerability concerns the Go project’s HTML parsing in the package golang.org/x/net/html. The root cause is an incorrect handling of HTML elements in foreign content during parsing, which can produce an unexpected HTML tree when rendering with Render. This behavio...

6.1CVSS6AI score0.00178EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/22 2:46 a.m.9 views

GO-2026-5030 Invoking duplicate attributes can cause XSS in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00178EPSS
Exploits0References3
OSV
OSV
added 2026/03/27 9:29 p.m.3 views

CVE-2026-33979 Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)

Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. A vulnerability has been identified in versions prior to 2.0.2 where restrictive sanitization configurations are...

8.2CVSS5.7AI score0.00382EPSS
Exploits1References5
OSV
OSV
added 2026/02/12 10:6 p.m.5 views

GHSA-W4GW-W5JQ-G9JH golang.org/x/net/html has a Quadratic Parsing Complexity issue

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to Denial of Service DoS if an attacker provides specially crafted HTML content...

5.3CVSS5.4AI score0.00502EPSS
Exploits0References6
OSV
OSV
added 2026/02/05 6:16 p.m.9 views

AZL-77049 CVE-2025-58190 affecting package sriov-network-device-plugin for versions less than 3.6.2-11

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS6.7AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2026/02/05 6:16 p.m.4 views

AZL-76851 CVE-2025-58190 affecting package cri-tools for versions less than 1.29.0-9

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.4AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2026/02/05 6:16 p.m.7 views

AZL-77102 CVE-2025-58190 affecting package telegraf 1.31.0-12

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS6.7AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2026/02/05 6:16 p.m.8 views

AZL-77019 CVE-2025-47911 affecting package kubevirt 1.6.3-3

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.3AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 6:16 p.m.10 views

AZL-77079 CVE-2025-47911 affecting package terraform for versions less than 1.3.2-29

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS5.7AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 6:16 p.m.3 views

DEBIAN-CVE-2025-47911

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.9AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 5:23 p.m.14 views

GO-2026-4441 Infinite parsing loop in golang.org/x/net

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS5.4AI score0.00482EPSS
Exploits1References3
OSV
OSV
added 2026/02/05 5:23 p.m.6 views

GO-2026-4440 Quadratic parsing complexity in golang.org/x/net/html

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS8.2AI score0.00502EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.9 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from Google, Inc. of the United States. There is a security vulnerability in Google Go, which stems from the html.Parse function in golang.org/x/net/html. When processing certain...

5.3CVSS7.3AI score0.00482EPSS
Exploits1References4
Rows per page
Query Builder