SUSE-SU-2026:2092-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

SUSE-SU-2026:2079-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

SUSE SLED15 / SLES15 Security Update : go1.25 (SUSE-SU-2026:1862-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1862-1 advisory. This update for go1.25 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling...

Security update for go1.26

This update for go1.26 fixes the following issues Security issues: CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. CVE-2026-39817: cmd/go: "go tool pack" does not...

SUSE-SU-2026:1861-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool pack' does...

BIT-GOLANG-2026-39826 Escaper bypass leads to XSS in html/template

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

CVE-2026-39826 Escaper bypass leads to XSS in html/template

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

CVE-2026-39826

CVE-2026-39826 corresponds to an escaper bypass in Go’s html/template that can allow data inside a [removed] block to be incorrectly escaped if a trusted template author uses a [removed] tag with an empty or whitespace-only type attribute. This is described across multiple feeds (NVD, EUVD, Debia...

CVE-2026-39826 Escaper bypass leads to XSS in html/template

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

CVE-2026-26309

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...

BIT-ENVOY-2026-26309 Envoy has an off-by-one write in JsonEscaper::escapeString()

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...

CVE-2026-26309

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...

CVE-2026-26309

Envoy CVE-2026-26309 describes an off-by-one write in Envoy::JsonEscaper::escapeString() that can corrupt std::string null-termination, causing undefined behavior and potentially crashes or out-of-bounds reads when treated as a C-string. Affected before 1.37.1, 1.36.5, 1.35.8, 1.34.13. The vulner...

CVE-2026-26309

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...

CVE-2026-26309 Envoy has an off-by-one write in JsonEscaper::escapeString()

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...

PT-2026-24378

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.34.13 Envoy versions prior to 1.35.8 Envoy versions prior to 1.36.5 Envoy versions prior to 1.37.1 Description Envoy is a high-performance edge/middle/service proxy. An off-by-one write in the...

Cross-site Scripting (XSS)

zendframework/zendframework is vulnerable to Cross-site Scripting XSS. The vulnerability is due to not using context-appropriate escaping mechanisms with Zend\Escaper when escaping HTML, HTML attributes, and/or URLs, which could potentially be exploited to perform XSS attacks...

GHSA-5GMF-3C43-Q73V ZendFramework vulnerable to Cross-site Scripting

Zend\Debug, Zend\Feed\PubSubHubbub, Zend\Log\Formatter\Xml, Zend\Tag\Cloud\Decorator, Zend\Uri, Zend\View\Helper\HeadStyle, Zend\View\Helper\Navigation\Sitemap, and Zend\View\Helper\Placeholder\Container\AbstractStandalone were not using Zend\Escaper when escaping HTML, HTML attributes, and/or...

ZendFramework vulnerable to Cross-site Scripting

Zend\Debug, Zend\Feed\PubSubHubbub, Zend\Log\Formatter\Xml, Zend\Tag\Cloud\Decorator, Zend\Uri, Zend\View\Helper\HeadStyle, Zend\View\Helper\Navigation\Sitemap, and Zend\View\Helper\Placeholder\Container\AbstractStandalone were not using Zend\Escaper when escaping HTML, HTML attributes, and/or...

GHSA-2M7X-C7PX-HP58 Server Side Template Injection (SSTI) via Twig escape handler

Summary Due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Details https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.phpL99 php / Defines a new escaper to be used via the esca...