Lucene search
K

264 matches found

Amazon
Amazon
added 2026/05/26 12:0 a.m.19 views

Important: cri-tools

Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...

7.5CVSS7.2AI score0.00813EPSS
Exploits0
Amazon
Amazon
added 2026/05/26 12:0 a.m.21 views

Important: soci-snapshotter

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.5AI score0.00813EPSS
Exploits0
OSV
OSV
added 2026/05/11 5:44 a.m.5 views

BIT-GOLANG-2026-39823 Bypass of meta content URL escaping causes XSS in html/template

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/09 2:43 a.m.10 views

SUSE CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.22 views

Linux Distros Unpatched Vulnerability : CVE-2026-39823

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces...

6.1CVSS7AI score0.00328EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/07 9:30 p.m.21 views

EUVD-2026-28424

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS7.3AI score0.00328EPSS
Exploits0References5
NVD
NVD
added 2026/05/07 8:16 p.m.16 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS0.00314EPSS
Exploits0References4
OSV
OSV
added 2026/05/07 8:16 p.m.5 views

UBUNTU-CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/05/07 8:16 p.m.9 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00328EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/05/07 7:41 p.m.8 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0
Snyk
Snyk
added 2026/05/07 7:21 p.m.15 views

Cross-site Scripting (XSS)

Overview std/html/template is a Go standard library package std/html/template Affected versions of this package are vulnerable to Cross-site Scripting XSS. Go Vulnerability Report: CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the UR...

6.1CVSS7AI score0.00328EPSS
Exploits0References3
OSV
OSV
added 2026/05/07 7:21 p.m.15 views

GO-2026-4982 Bypass of meta content URL escaping causes XSS in html/template

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2026/05/07 12:0 a.m.18 views

www/gohugo -- CWE-79: XSS vulnerabilities

https://go.dev/issue/78913 reports: CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to...

6.1CVSS7.5AI score0.00371EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from incorrect escaping of URLs in the content attribute of meta tags, potentially leadin...

6.1CVSS5.7AI score0.00314EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.13 views

PT-2026-38565

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description URLs are not correctly escaped within the content attribute of a tag. If the URL content contains ASCII whitespaces around the = rune, the escaper fails to proce...

9.8CVSS5.8AI score0.00314EPSS
Exploits0
OSV
OSV
added 2026/04/17 1:3 p.m.7 views

OESA-2026-1980 golang security update

. Security Fixes: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.CVE-2026-25679 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the valu...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References3
OSV
OSV
added 2026/04/17 1:3 p.m.14 views

OESA-2026-1979 golang security update

. Security Fixes: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References4
OSV
OSV
added 2026/04/17 1:3 p.m.12 views

OESA-2026-1978 golang security update

. Security Fixes: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References4
OSV
OSV
added 2026/04/17 1:3 p.m.11 views

OESA-2026-1977 golang security update

. Security Fixes: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.CVE-2026-25679 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the valu...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/14 11:54 p.m.11 views

EUVD-2026-22816

immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker can create a shared albu...

5.1CVSS5.6AI score0.00206EPSS
Exploits1References2
Rows per page
Query Builder