Lucene search
+L

389 matches found

osv
osv
added 2026/07/07 4:59 p.m.2 views

SUSE-SU-2026:22572-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go1.26.4 bsc1255111. Security issues fixed: - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. -...

9.8CVSS7AI score0.00939EPSS
Exploits0References53
redhat
redhat
added 2026/06/04 12:43 p.m.3 views

html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

A flaw was found in the html/template package of Go. A remote attacker could exploit this vulnerability by inserting ASCII whitespaces around the equals sign = within a URL's content attribute inside a tag. This improper escaping could lead to Cross-Site Scripting XSS, allowing the attacker to...

6.1CVSS6.1AI score0.00314EPSS
Exploits0References8
redhat
redhat
added 2026/06/04 12:43 p.m.3 views

html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

A flaw was found in html/template. A trusted template author could craft a script tag with an empty or whitespace-only 'type' attribute. This vulnerability causes the template engine to incorrectly escape data passed into the script block, potentially leading to cross-site scripting XSS. An...

6.1CVSS6.2AI score0.00371EPSS
Exploits0References8
redhat
redhat
added 2026/06/04 12:39 p.m.2 views

html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

A flaw was found in the html/template package of Go. A remote attacker could exploit this vulnerability by inserting ASCII whitespaces around the equals sign = within a URL's content attribute inside a tag. This improper escaping could lead to Cross-Site Scripting XSS, allowing the attacker to...

6.1CVSS6.1AI score0.00314EPSS
Exploits0References8
redhat
redhat
added 2026/06/04 12:39 p.m.2 views

html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

A flaw was found in html/template. A trusted template author could craft a script tag with an empty or whitespace-only 'type' attribute. This vulnerability causes the template engine to incorrectly escape data passed into the script block, potentially leading to cross-site scripting XSS. An...

6.1CVSS6.2AI score0.00371EPSS
Exploits0References8
mozilla
mozilla
added 2026/06/01 12:0 a.m.27 views

Security Vulnerabilities fixed in Firefox for iOS 151.2 — Mozilla

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. Firefox for iOS Reader Vi...

5.4CVSS6AI score0.00157EPSS
Exploits0References2Affected Software1
suse
suse
added 2026/05/27 11:54 a.m.10 views

Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues Security issues: CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. CVE-2026-39817: cmd/go: "go tool pack" do...

7.5CVSS5.9AI score0.00813EPSS
Exploits0References50
osv
osv
added 2026/05/27 11:53 a.m.18 views

SUSE-SU-2026:2092-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
osv
osv
added 2026/05/26 2:54 p.m.8 views

SUSE-SU-2026:2078-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
ibm
ibm
added 2026/05/21 3:34 p.m.17 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to cross-site-scripting in golang Go html/template [CVE-2026-27142]

Summary IBM Watson Speech Services Cartridge is vulnerable to cross-site-scripting in golang Go html/template, due to a flaw which disables escaping of URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0 CVE-2026-27142. Golang Go html/template i...

6.1CVSS7.1AI score0.00328EPSS
Exploits0Affected Software1
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Golang-1.19

The html/template package does not properly handle HTML-like “” comment tokens, nor hashbang “!” comment tokens, in contexts. This may cause the template parser to incorrectly interpret the contents of contexts, resulting in actions being incorrectly escaped. This could be exploited to carry out ...

6.1CVSS6.7AI score0.00815EPSS
Exploits0References2
redhat
redhat
added 2026/05/19 6:26 p.m.4 views

html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

A flaw was found in the html/template package. This vulnerability arises from improper tracking of context and brace depth within JavaScript JS template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting...

6.1CVSS6.7AI score0.0029EPSS
Exploits0References8
osv
osv
added 2026/05/17 8:17 p.m.9 views

SUSE-SU-2026:21804-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
osv
osv
added 2026/05/17 8:16 p.m.7 views

OPENSUSE-SU-2026:20762-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...

7.5CVSS6AI score0.00813EPSS
Exploits0References24
nessus
nessus
added 2026/05/16 12:0 a.m.21 views

SUSE SLED15 / SLES15 Security Update : go1.25 (SUSE-SU-2026:1862-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1862-1 advisory. This update for go1.25 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling...

7.5CVSS5.9AI score0.00813EPSS
Exploits0References36
suse
suse
added 2026/05/14 10:34 p.m.8 views

Security update for go1.25

This update for go1.25 fixes the following issues Security issues: CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. CVE-2026-39817: cmd/go: "go tool pack" does not...

7.5CVSS5.9AI score0.00813EPSS
Exploits0References48
suse
suse
added 2026/05/14 10:33 p.m.10 views

Security update for go1.26

This update for go1.26 fixes the following issues Security issues: CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. CVE-2026-39817: cmd/go: "go tool pack" does not...

7.5CVSS5.9AI score0.00813EPSS
Exploits0References48
osv
osv
added 2026/05/11 5:44 a.m.5 views

BIT-GOLANG-2026-39826 Escaper bypass leads to XSS in html/template

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

6.1CVSS5.9AI score0.00371EPSS
Exploits0References5
osv
osv
added 2026/05/11 5:44 a.m.5 views

BIT-GOLANG-2026-39823 Bypass of meta content URL escaping causes XSS in html/template

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/05/07 7:41 p.m.6 views

CVE-2026-39826 Escaper bypass leads to XSS in html/template

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

5.9AI score0.00371EPSS
Exploits0References4
Rows per page
Query Builder