Lucene search
K

264 matches found

Amazon
Amazon
added 2026/04/13 12:0 a.m.7 views

Medium: runc

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.00728EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.11 views

Important: nerdctl

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS6AI score0.01557EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.3 views

Amazon Linux 2023 : ecs-init (ALAS2023-2026-1552)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1552 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir o...

9.1CVSS7.4AI score0.01557EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.11 views

Amazon Linux 2023 : docker (ALAS2023-2026-1571)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1571 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...

7.5CVSS7.5AI score0.00728EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.4 views

Amazon Linux 2023 : soci-snapshotter (ALAS2023-2026-1573)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1573 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir o...

9.1CVSS7.4AI score0.01557EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.11 views

Amazon Linux 2023 : nerdctl (ALAS2023-2026-1535)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1535 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir o...

9.1CVSS7.4AI score0.01557EPSS
Exploits1References10
Amazon
Amazon
added 2026/04/13 12:0 a.m.9 views

Important: amazon-cloudwatch-agent

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS6AI score0.01557EPSS
Exploits1
OSV
OSV
added 2026/04/11 2:3 p.m.3 views

OESA-2026-1851 golang security update

. Security Fixes: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable...

6.1CVSS7.1AI score0.00328EPSS
Exploits0References2
OSV
OSV
added 2026/04/11 2:3 p.m.8 views

OESA-2026-1850 golang security update

. Security Fixes: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable...

6.1CVSS7.1AI score0.00328EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/08 7:51 a.m.4 views

WordPress Pinterest Site Verification plugin using Meta Tag plugin <= 1.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'post_var' vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'postvar' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Pinterest Site Verification plugin using Meta Tag versions = 1.8...

6.4CVSS5.9AI score0.002EPSS
Exploits0References1Affected Software1
Amazon
Amazon
added 2026/04/01 12:0 a.m.10 views

Medium: golist

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS7.1AI score0.00728EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.17 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1482)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1482 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...

7.5CVSS7.5AI score0.00728EPSS
Exploits0References8
Amazon
Amazon
added 2026/03/27 12:0 a.m.8 views

Medium: golang

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS7AI score0.00728EPSS
Exploits0
Amazon
Amazon
added 2026/03/19 12:0 a.m.10 views

Medium: golang

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.8AI score0.00728EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.10 views

PT-2026-24608

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

7.5CVSS5.7AI score0.00328EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/07 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-27142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with...

6.1CVSS7.6AI score0.00328EPSS
Exploits0References4
OSV
OSV
added 2026/03/06 10:16 p.m.9 views

AZL-79640 CVE-2026-27142 affecting package python-tensorboard 2.16.2-6

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS7.2AI score0.00328EPSS
Exploits0References1
NVD
NVD
added 2026/03/06 10:16 p.m.5 views

CVE-2026-27142

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS0.00328EPSS
Exploits0References4
OSV
OSV
added 2026/03/06 10:16 p.m.8 views

AZL-79634 CVE-2026-27142 affecting package msft-golang 1.24.13-1

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS7.2AI score0.00328EPSS
Exploits0References1
OSV
OSV
added 2026/03/06 10:16 p.m.9 views

AZL-79619 CVE-2026-27142 affecting package golang 1.22.7-5

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS7.2AI score0.00328EPSS
Exploits0References1
Rows per page
Query Builder