Lucene search
K

19 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in containerd-app

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to a Denial-of-Service DoS attack if an attacker provides specially crafted HTML content...

5.3CVSS6.7AI score0.00482EPSS
Exploits1References3
Microsoft CVE
Microsoft CVE
added 2026/05/27 8:10 a.m.18 views

Invoking duplicate attributes can cause XSS in golang.org/x/net/html

...

6.1CVSS5.8AI score0.00178EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/05/27 8:5 a.m.14 views

Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

...

6.1CVSS5.8AI score0.00188EPSS
Exploits0
Snyk
Snyk
added 2026/05/22 5:42 p.m.10 views

Cross-site Scripting (XSS)

Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the writeQuoted function, which does not properly handle characters in DOCTYPE data. An attacker can cause the...

8.1CVSS5.7AI score0.00178EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/22 5:42 p.m.14 views

Cross-site Scripting (XSS)

Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the childTextNodesAreLiteral function in render.go. An attacker can cause the execution of scripts in the...

6.1CVSS5.7AI score0.00178EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/22 3:1 p.m.16 views

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

0.00188EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/22 3:1 p.m.21 views

CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

0.00248EPSS
Exploits0References4
CVE
CVE
added 2026/05/22 3:1 p.m.81 views

CVE-2026-25681

CVE-2026-25681 affects the golang.org/x/net/html component. The root cause is an incorrect handling of character references in DOCTYPE nodes, which can cause an unexpected HTML tree when rendering and potentially enable XSS in applications that sanitize input HTML before rendering. The descriptio...

6.1CVSS6AI score0.00178EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/22 3:1 p.m.6 views

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6AI score0.00188EPSS
Exploits0References4
CVE
CVE
added 2026/05/22 3:1 p.m.178 views

CVE-2026-25680

CVE-2026-25680 affects the Go ecosystem’s HTML parser in golang.org/x/net/html. Description: parsing arbitrary HTML can cause excessive CPU time, potentially leading to denial of service. CVSSv3.1 base score 6.5 (Network, Low attack complexity, User interaction required, Availability impact). Con...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/05 6:16 p.m.5 views

CVE-2025-47911

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS5.7AI score
Exploits0References4
OSV
OSV
added 2026/02/05 6:16 p.m.8 views

AZL-76830 CVE-2025-47911 affecting package cf-cli for versions less than 8.4.0-27

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.3AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 6:16 p.m.6 views

AZL-76863 CVE-2025-47911 affecting package gh for versions less than 2.13.0-26

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.2AI score0.00502EPSS
Exploits0References1
CVE
CVE
added 2026/02/05 5:48 p.m.72 views

CVE-2025-47911

The IBM Security Bulletin for ELM on Hybrid Cloud notes CVE-2025-47911 affects the underlying golang.org/x/net/html html.Parse function, which can exhibit quadratic parsing behavior on carefully crafted HTML inputs and may enable DoS. Affected product versions are ELM on Hybrid Cloud 1.0.0 to 1.3...

5.3CVSS8AI score0.00502EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/05 5:48 p.m.67 views

CVE-2025-58190

CVE-2025-58190 affects the html.Parse function in golang.org/x/net/html. The vulnerability is an infinite parsing loop triggered by certain inputs, leading to denial of service (DoS). The connected advisories confirm the issue but do not specify a patched version or remediation in the provided do...

5.3CVSS8.1AI score0.00482EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/02/05 5:23 p.m.6 views

Infinite loop

Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Infinite loop via the html.Parse function. An attacker can cause resource exhaustion and disrupt service availability by submitting special...

6.9CVSS8.2AI score0.00482EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.7 views

openSUSE 16 Security Update : go-sendxmpp (openSUSE-SU-2026:20058-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20058-1 advisory. Changes in go-sendxmpp: - Update to 0.15.1: Added Add XEP-0359 Origin-ID to messages requires go-xmpp = v0.2.18. Changed HTTP upload: Ignore...

6.5CVSS7.5AI score0.00502EPSS
Exploits1References9
OPENSUSE Linux
OPENSUSE Linux
added 2025/09/13 12:0 a.m.7 views

Security update for kubo (moderate)

openSUSE Security Update: Security update for kubo Announcement ID: openSUSE-SU-2025:0347-1 Rating: moderate References: 1241776 Cross-References: CVE-2025-22872 CVSS scores: CVE-2025-22872 SUSE: 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Affected Products: openSUSE...

6.3CVSS6.7AI score0.00478EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2025/01/09 8:0 a.m.4 views

Non-linear parsing of case-insensitive content in golang.org/x/net/html

...

7.5CVSS6.9AI score0.00856EPSS
Exploits0
Rows per page
Query Builder