26 matches found
CVE-2026-9806
CTI Transmute is affected by a stored XSS in the notification panel prior to the patched release. The issue occurs when notification messages include user-controlled convert names that are rendered via innerHTML without sanitization, allowing arbitrary JavaScript execution in the authenticated us...
Security update for kubo (moderate)
openSUSE Security Update: Security update for kubo Announcement ID: openSUSE-SU-2025:0347-1 Rating: moderate References: 1241776 Cross-References: CVE-2025-22872 CVSS scores: CVE-2025-22872 SUSE: 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Affected Products: openSUSE...
SUSE SLES15 / openSUSE 15 Security Update : kubernetes1.18 (SUSE-SU-2025:02515-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02515-1 advisory. - CVE-2025-22872: Fixed golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed in the wrong scope during...
SUSE SLES15 Security Update : docker (SUSE-SU-2025:02289-2)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02289-2 advisory. Update to Docker 28.2.2-ce bsc1243833, bsc1242114: - CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentia...
SUSE-SU-2025:02289-1 Security update for docker
This update for docker fixes the following issues: Update to Docker 28.2.2-ce bsc1243833, bsc1242114: - CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration. bsc1239765 - CVE-2025-22872:...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : docker (SUSE-SU-2025:02289-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02289-1 advisory. Update to Docker 28.2.2-ce bsc1243833, bsc1242114: - CVE-2025-0495: Fixed credential leakage to...
Security update for kubernetes-old
This update for kubernetes-old fixes the following issues: CVE-2025-22872: Fixed golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed in the wrong scope during DOM construction bsc1241781 This update to version 1.31.9 jscPED-11105 Find full changelog...
Amazon Linux 2023 : ecs-init (ALAS2023-2025-1011)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1011 advisory. The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly bei...
Amazon Linux 2 : ecs-init (ALASECS-2025-065)
The version of ecs-init installed on the remote host is prior to 1.94.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-065 advisory. The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing...
Medium: ecs-init
Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...
Amazon Linux 2023 : soci-snapshotter (ALAS2023-2025-981)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-981 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which...
Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-979)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-979 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which...
Amazon Linux 2 : nerdctl (ALAS-2025-2863)
The version of nerdctl installed on the remote host is prior to 2.0.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2863 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a...
Important: nerdctl
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Amazon Linux 2 : runfinch-finch (ALASDOCKER-2025-063)
The version of runfinch-finch installed on the remote host is prior to 1.8.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-063 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line...
CBL Mariner 2.0 Security Update: cf-cli / cni-plugins / containerized-data-importer / docker-compose / kubevirt / sriov-network-device-plugin (CVE-2025-22872)
The version of cf-cli / cni-plugins / containerized-data-importer / docker-compose / kubevirt / sriov-network-device-plugin installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22872 advisory. - The...
GHSA-VVGC-356P-C3XW golang.org/x/net vulnerable to Cross-site Scripting
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
golang.org/x/net vulnerable to Cross-site Scripting
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
CVE-2025-22872
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...