82 matches found
ROOT-APP-GOBINARY-CVE-2026-42502 CVE-2026-42502 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2026-42502 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-25681 CVE-2026-25681 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2026-25681 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-39821 CVE-2026-39821 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2026-39821 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-42506 CVE-2026-42506 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2026-42506 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2025-22870 CVE-2025-22870 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2025-22870 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
SUSE SLES15 Security Update : google-cloud-sap-agent (SUSE-SU-2026:2682-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2682-1 advisory. - CVE-2026-39821: Update golang.org/x/net dependency bsc1266604. Tenable has extracted the preceding description block directly from the SUS...
golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...
SUSE SLES15 Security Update : aws-iam-authenticator (SUSE-SU-2026:2643-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2643-1 advisory. This update for aws-iam-authenticator fixes the following issues - CVE-2022-1996: CORS bypass bsc1200528. - CVE-2022-2385:...
SUSE-SU-2026:2493-1 Security update for containerized-data-importer
This update for containerized-data-importer fixes the following issues: - Security: re-vendor Go dependencies to address CVEs tracked against containerized-data-importer backport of upstream PR 4110, post-v1.65.0. Fixed by this update: google.golang.org/grpc 1.65.0 - 1.79.3: bsc1260295...
SUSE SLES15 Security Update : amazon-ssm-agent (SUSE-SU-2026:2467-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2467-1 advisory. This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh...
Astra Linux – Vulnerability in golang-golang-x-net
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service infinite loop by using crafted ParseFragment inputs...
Astra Linux – Vulnerability in golang-golang-x-net, containerd-app
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to a Denial-of-Service DoS attack if an attacker provides specially crafted HTML content...
CVE-2026-42507
A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead...
Security update for apptainer (important)
openSUSE security update: security update for apptainer ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20888-1 Rating: important References: bsc1266656 Cross-References: CVE-2026-39821 CVSS scores: CVE-2026-39821 SUSE : 7.4...
openSUSE 16 Security Update : apptainer (openSUSE-SU-2026:20834-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20834-1 advisory. Changes in apptainer: - Fix CVE-2026-39827, CVE-2026-39834, CVE-2026-39828, CVE-2026-39829, CVE-2026-39831, CVE-2026-42508, CVE-2026-39833,...
Invoking duplicate attributes can cause XSS in golang.org/x/net/html
...
Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
...
Cross-site Scripting (XSS)
Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the writeQuoted function, which does not properly handle characters in DOCTYPE data. An attacker can cause the...
Cross-site Scripting (XSS)
Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the childTextNodesAreLiteral function in render.go. An attacker can cause the execution of scripts in the...
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...