46 matches found

RedHat Linux
added 2 days ago | 4 views

Important: Red Hat Security Advisory: opentelemetry-collector security update

An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.6 CVSS | 7.6 AI score | 0.00813 EPSS
Exploits 0 | References 7

RedHat Linux
added 2 days ago | 5 views

golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

A flaw was found in golang.org/x/net/html. A remote attacker could exploit this vulnerability by providing specially crafted HTML. When this arbitrary HTML is parsed and rendered, it can result in an unexpected HTML tree, bypassing input sanitization. This can be leveraged to execute Cross-Site...

6.1 CVSS | 6.5 AI score | 0.00178 EPSS
Exploits 0 | References 8

OSV
added 2026/06/11 3:29 p.m. | 3 views

OPENSUSE-SU-2026:20956-1 Security update for trivy

This update for trivy fixes the following issues: - CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-42502, CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267047. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...

10 CVSS | 5.5 AI score | 0.00781 EPSS
Exploits 0 | References 26

Microsoft CVE
added 2026/05/27 8:11 a.m. | 25 views

Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html

...

6.1 CVSS | 5.8 AI score | 0.00178 EPSS
Exploits 0

Microsoft CVE
added 2026/05/27 8:9 a.m. | 13 views

Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

...

6.1 CVSS | 5.8 AI score | 0.00178 EPSS
Exploits 0

Microsoft CVE
added 2026/05/27 8:6 a.m. | 13 views

Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

...

6.5 CVSS | 5.8 AI score | 0.00248 EPSS
Exploits 0

Snyk
added 2026/05/22 5:42 p.m. | 10 views

Inefficient Algorithmic Complexity

Overview: golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in parse.go, when checking attributes iteratively. An attacker can cause excessive CPU consumption by providi...

7.5 CVSS | 5.8 AI score | 0.00248 EPSS
Exploits 0 | References 3

CVE
added 2026/05/22 3:1 p.m. | 90 views

CVE-2026-42502

Summary of CVE-2026-42502: The vulnerability concerns the Go project’s HTML parsing in the package golang.org/x/net/html. The root cause is an incorrect handling of HTML elements in foreign content during parsing, which can produce an unexpected HTML tree when rendering with Render. This behavio...

6.1 CVSS | 6 AI score | 0.00178 EPSS
Exploits 0 | References 4 | Affected Software 1

OSV
added 2026/05/22 2:46 a.m. | 8 views

GO-2026-5030 Invoking duplicate attributes can cause XSS in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1 CVSS | 6 AI score | 0.00178 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2026/05/04 12:0 a.m. | 9 views

RHCOS 4 : Red Hat build of MicroShift 4.14.0 (RHSA-2023:5008)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5008 advisory. - kube-apiserver: PrivEsc (CVE-2023-1260) - kube-apiserver: Bypassing policies imposed by the ImagePolicyWebhook admission plugin...

8 CVSS | 6.8 AI score | 0.02157 EPSS
Exploits 1 | References 61

Amazon
added 2026/02/18 12:0 a.m. | 8 views

Medium: ecs-init

Issue Overview: The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content. (CVE-2025-47911) The html.Parse function in golang.org/x/net/html has an...

10 CVSS | 7.2 AI score | 0.01945 EPSS
Exploits 3

GitHub Security Blog
added 2026/02/12 10:6 p.m. | 5 views

golang.org/x/net/html has a Quadratic Parsing Complexity issue

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to Denial of Service (DoS) if an attacker provides specially crafted HTML content...

5.3 CVSS | 5.3 AI score | 0.00502 EPSS
Exploits 0 | References 6 | Affected Software 1

Tenable Nessus
added 2026/02/06 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-58190

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an...

5.3 CVSS | 6.8 AI score | 0.00482 EPSS
Exploits 1 | References 4

Tenable Nessus
added 2026/02/06 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-47911

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an...

5.3 CVSS | 6.8 AI score | 0.00502 EPSS
Exploits 0 | References 4

OSV
added 2026/02/05 6:16 p.m. | 7 views

AZL-76901 CVE-2025-58190 affecting package cni-plugins 1.4.0-4

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

5.3 CVSS | 7.4 AI score | 0.00482 EPSS
Exploits 1 | References 1

OSV
added 2026/02/05 6:16 p.m. | 8 views

AZL-77000 CVE-2025-58190 affecting package keda 2.14.1-9

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

5.3 CVSS | 5.7 AI score | 0.00482 EPSS
Exploits 1 | References 1

OSV
added 2026/02/05 6:16 p.m. | 7 views

AZL-77102 CVE-2025-58190 affecting package telegraf 1.31.0-12

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

5.3 CVSS | 6.7 AI score | 0.00482 EPSS
Exploits 1 | References 1

OSV
added 2026/02/05 6:16 p.m. | 7 views

AZL-76889 CVE-2025-58190 affecting package cloud-provider-kubevirt 0.5.1-2

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

5.3 CVSS | 5.7 AI score | 0.00482 EPSS
Exploits 1 | References 1

OSV
added 2026/02/05 6:16 p.m. | 5 views

AZL-76980 CVE-2025-58190 affecting package packer for versions less than 1.9.5-18

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

5.3 CVSS | 7.4 AI score | 0.00482 EPSS
Exploits 1 | References 1

OSV
added 2026/02/05 6:16 p.m. | 4 views

AZL-76851 CVE-2025-58190 affecting package cri-tools for versions less than 1.29.0-9

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

5.3 CVSS | 7.4 AI score | 0.00482 EPSS
Exploits 1 | References 1