9 matches found
Golang 1.25.x < 1.25.11 / 1.26.x < 1.26.4 Multiple Vulnerabilities
The version of Golang running on the remote host is 1.25.x prior to 1.25.11, or 1.26.x prior to 1.26.4. It is, therefore, affected by multiple vulnerabilities: - x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caus...
Astra Linux - vulnerability in chromium
Side-channel information leakage in keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page...
PT-2026-23826
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, passwordreset.php outputs $_GET["token"] and $_GET["email"] directly into HTML input value attributes using and without calling htmlspecialchars(). This allows reflected XSS by breaking out of the attribute...
mapstructure security vulnerability
MapStructure is a Go language library developed by Viper. There is a security vulnerability in MapStructure. This vulnerability arises from the use of MapStructure.WeakDecode; errors during this process may lead to sensitive input values being leaked, potentially causing information leaks...
EUVD-2025-17018
Malicious code in bioql PyPI...
SUSE CVE-2025-5702
The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its...
DEBIAN-CVE-2025-5702
The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its...
CVE-2025-5702
The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its...
OrangeScrum cross-site scripting vulnerability
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. A cross-site scripting vulnerability exists in Orangescrum, which arises when the application returns malicious user input in a response without any...