Lucene search
K

377 matches found

OSV
OSV
added 2026/03/20 3:6 p.m.7 views

SUSE-SU-2026:0947-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to go 1.25.8 bsc1244485, jscSLE-18320: - CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated...

10CVSS7.3AI score0.00765EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.11 views

openSUSE 16 Security Update : go1.26 (openSUSE-SU-2026:20342-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20342-1 advisory. Changes in go1.26: go1.26.1 released 2026-03-05 includes security fixes to the crypto/x509, html/template, net/url, and os packages, as well as...

7.5CVSS6.1AI score0.00728EPSS
Exploits0References16
SUSE Linux
SUSE Linux
added 2026/03/11 6:35 p.m.5 views

Security update for go1.26

This update for go1.26 fixes the following issues: Update to go1.26.1 bsc1255111: CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. CVE-2026-27138: crypto/x509: panic in name constraint...

8.7CVSS5.8AI score0.00728EPSS
Exploits0References22
SUSE Linux
SUSE Linux
added 2026/03/11 6:34 p.m.9 views

Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.8 bsc1244485: CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. CVE-2026-27139: os: FileInfo can escape from a Root bsc1259268. CVE-2026-27142: html/template: URLs in meta content attribute actions are...

5.4CVSS5.8AI score0.00728EPSS
Exploits0References14
OSV
OSV
added 2026/03/11 6:34 p.m.4 views

SUSE-SU-2026:0875-1 Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.8 bsc1244485: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27139: os: FileInfo can escape from a Root bsc1259268. - CVE-2026-27142: html/template: URLs in meta content attribute actio...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
OSV
OSV
added 2026/03/11 9:9 a.m.12 views

OPENSUSE-SU-2026:20342-1 Security update for go1.26

This update for go1.26 fixes the following issues: Changes in go1.26: go1.26.1 released 2026-03-05 includes security fixes to the crypto/x509, html/template, net/url, and os packages, as well as bug fixes to the go command, the go fix command, the compiler, and the os and reflect packages...

7.5CVSS6.1AI score0.00728EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/03/06 9:28 p.m.3 views

CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

5.7AI score0.00328EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/06 9:3 p.m.3 views

Cross-site Scripting (XSS)

Overview std/html/template is a Go standard library package std/html/template Affected versions of this package are vulnerable to Cross-site Scripting XSS. Go Vulnerability Report:Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the met...

6.1CVSS5.5AI score0.00328EPSS
Exploits0References3
OSV
OSV
added 2026/03/03 6:30 p.m.3 views

GHSA-2WW6-868G-2C56 OpenClaw Vulnerable to HTML injection via unvalidated image MIME type in data-URL interpolation

Summary The HTML session exporter src/auto-reply/reply/export-html/template.js interpolates img.mimeType directly into attributes without validation or escaping. A crafted mimeType value e.g., x" onerror="alert1 can break out of the attribute context and execute arbitrary JavaScript. Impact An...

4.6CVSS6.1AI score0.00148EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/03/03 12:0 a.m.4 views

RockyLinux 8 : container-tools:rhel8 (RLSA-2026:3428)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3428 advisory. golang: html/template: errors returned from MarshalJSON methods may break template escaping CVE-2024-24785 crypto/x509: golang: Denial of Service due to...

7.5CVSS6.9AI score0.00795EPSS
Exploits3References7
RedHat Linux
RedHat Linux
added 2026/02/26 2:36 p.m.6 views

golang: html/template: errors returned from MarshalJSON methods may break template escaping

A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...

5.4CVSS5.7AI score0.00795EPSS
Exploits0References8
NVD
NVD
added 2026/02/06 4:16 p.m.8 views

CVE-2025-13523

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS0.00189EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : toolbox-0.0.99.4-6.el9 (AXSA:2023-6916:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6916:03 advisory. go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper...

9.8CVSS8.1AI score0.04561EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 9 : golang-1.19.9-2.el9, go-toolset-1.19.9-1.el9 (AXSA:2023-6015:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6015:03 advisory. golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 Tenable has extracted the preceding description block directly from the...

9.8CVSS8.4AI score0.01548EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.9 views

MiracleLinux 9 : buildah-1.31.3-1.el9 (AXSA:2023-6640:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6640:04 advisory. golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPA...

9.8CVSS8.3AI score0.04561EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 9 : delve-1.21.2-2.el9, golang-1.21.9-2.el9 (AXSA:2024-7759:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7759:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...

7.5CVSS7.5AI score0.91969EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 9 : podman-4.6.1-5.el9 (AXSA:2023-6760:07)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6760:07 advisory. golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPA...

9.8CVSS7.3AI score0.04561EPSS
Exploits1References14
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.7 views

CVE-2023-49061

An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS 120...

6.1CVSS6.4AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:11 a.m.6 views

CVE-2019-11641

Anomali Agave formerly Drupot through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid this system...

7.5CVSS6.8AI score0.01341EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.4 views

RockyLinux 8 : container-tools:rhel8 (RLSA-2023:6939)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:6939 advisory. go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handli...

9.8CVSS6.4AI score0.04561EPSS
Exploits3References35
Rows per page
Query Builder