Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-42506)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-42506 advisory. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML...

SUSE-SU-2026:2096-1 Security update for yq

This update for yq fixes the following issues - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction bsc1241719. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTM...

Linux Distros Unpatched Vulnerability : CVE-2026-25680

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Note that Nessus relies on the presence of the...

Linux Distros Unpatched Vulnerability : CVE-2026-25681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications...

Linux Distros Unpatched Vulnerability : CVE-2026-42502

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications...

Inefficient Algorithmic Complexity

Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in parse.go, when checking attributes iteratively. An attacker can cause excessive CPU consumption by...

CVE-2026-25680

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

UBUNTU-CVE-2026-42502

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

UBUNTU-CVE-2026-25680

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

CVE-2026-42502

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVE-2026-25681

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVE-2026-42506

CVE-2026-42506 affects the Go ecosystem, specifically parsing in golang.org/x/net/html. The root cause is "invoking incorrect handling of namespaced elements in foreign content" which can produce an unexpected HTML tree during rendering. This can enable XSS in applications that sanitize input HTM...

GO-2026-5027 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

GO-2026-5025 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go. This vulnerability arises from parsing arbitrary HTML and using Render for rendering, which may lead ...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go. This vulnerability arises from parsing arbitrary HTML and using Render for rendering, which may lead ...

PT-2026-42783

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Parsing arbitrary HTML that is subsequently rendered using the Render function can lead to the creation of an unexpected HTML tree. This behavior can be exploite...

Amazon Linux 2023 : yq (ALAS2023-2026-1582)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1582 advisory. The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially...