Lucene search
K

377 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux - Vulnerability in Golang-1.19

The html/template package does not properly handle HTML-like “” comment tokens, nor hashbang “!” comment tokens, in contexts. This may cause the template parser to incorrectly interpret the contents of contexts, resulting in actions being incorrectly escaped. This could be exploited to carry out ...

6.1CVSS6.7AI score0.00815EPSS
Exploits0References2
Mozilla
Mozilla
added 2026/06/01 12:0 a.m.20 views

Security Vulnerabilities fixed in Firefox for iOS 151.2 — Mozilla

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. Firefox for iOS Reader Vi...

5.4CVSS6AI score0.00157EPSS
Exploits0References2Affected Software1
SUSE Linux
SUSE Linux
added 2026/05/27 11:54 a.m.9 views

Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues Security issues: CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. CVE-2026-39817: cmd/go: "go tool pack" do...

7.5CVSS5.9AI score0.00813EPSS
Exploits0References50
OSV
OSV
added 2026/05/27 11:53 a.m.16 views

SUSE-SU-2026:2092-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
OSV
OSV
added 2026/05/26 2:54 p.m.4 views

SUSE-SU-2026:2078-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:34 p.m.15 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to cross-site-scripting in golang Go html/template [CVE-2026-27142]

Summary IBM Watson Speech Services Cartridge is vulnerable to cross-site-scripting in golang Go html/template, due to a flaw which disables escaping of URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0 CVE-2026-27142. Golang Go html/template i...

6.1CVSS7.1AI score0.00328EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/17 8:17 p.m.7 views

SUSE-SU-2026:21804-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
OSV
OSV
added 2026/05/17 8:16 p.m.6 views

OPENSUSE-SU-2026:20762-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...

7.5CVSS6AI score0.00813EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.20 views

SUSE SLED15 / SLES15 Security Update : go1.25 (SUSE-SU-2026:1862-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1862-1 advisory. This update for go1.25 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling...

7.5CVSS5.9AI score0.00813EPSS
Exploits0References36
SUSE Linux
SUSE Linux
added 2026/05/14 10:34 p.m.8 views

Security update for go1.25

This update for go1.25 fixes the following issues Security issues: CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. CVE-2026-39817: cmd/go: "go tool pack" does not...

7.5CVSS5.9AI score0.00813EPSS
Exploits0References48
SUSE Linux
SUSE Linux
added 2026/05/14 10:33 p.m.10 views

Security update for go1.26

This update for go1.26 fixes the following issues Security issues: CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. CVE-2026-39817: cmd/go: "go tool pack" does not...

7.5CVSS5.9AI score0.00813EPSS
Exploits0References48
OSV
OSV
added 2026/05/11 5:44 a.m.5 views

BIT-GOLANG-2026-39826 Escaper bypass leads to XSS in html/template

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

6.1CVSS5.9AI score0.00371EPSS
Exploits0References5
OSV
OSV
added 2026/05/11 5:44 a.m.5 views

BIT-GOLANG-2026-39823 Bypass of meta content URL escaping causes XSS in html/template

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/07 7:41 p.m.6 views

CVE-2026-39826 Escaper bypass leads to XSS in html/template

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

5.9AI score0.00371EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/07 7:41 p.m.41 views

CVE-2026-39826 Escaper bypass leads to XSS in html/template

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

0.00371EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/07 7:41 p.m.13 views

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

7.3AI score0.00328EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/07 7:41 p.m.39 views

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

0.00314EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/07 7:21 p.m.15 views

Cross-site Scripting (XSS)

Overview std/html/template is a Go standard library package std/html/template Affected versions of this package are vulnerable to Cross-site Scripting XSS. Go Vulnerability Report: CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the UR...

6.1CVSS7AI score0.00328EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/07 7:21 p.m.9 views

Improper Encoding or Escaping of Output

Overview std/html/template is a Go standard library package std/html/template Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output. Go Vulnerability Report: If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type'...

6.1CVSS5.9AI score0.00371EPSS
Exploits0References3
OSV
OSV
added 2026/05/07 7:21 p.m.13 views

GO-2026-4982 Bypass of meta content URL escaping causes XSS in html/template

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0References3
Rows per page
Query Builder