Lucene search
K

12 matches found

Amazon
Amazon
added 2026/06/08 12:0 a.m.21 views

Important: ecs-init

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.8AI score0.00813EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.15 views

Amazon Linux 2023 : captree, libcap, libcap-devel (ALAS2023-2026-1721)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1721 advisory. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBU...

7.5CVSS7.3AI score0.00813EPSS
Exploits0References14
EUVD
EUVD
added 2026/05/07 9:30 p.m.21 views

EUVD-2026-28424

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS7.3AI score0.00328EPSS
Exploits0References5
NVD
NVD
added 2026/05/07 8:16 p.m.17 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS0.00314EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/05/07 7:41 p.m.8 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.14 views

PT-2026-38565

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description URLs are not correctly escaped within the content attribute of a tag. If the URL content contains ASCII whitespaces around the = rune, the escaper fails to proce...

9.8CVSS5.8AI score0.00314EPSS
Exploits0
OSV
OSV
added 2026/04/17 1:3 p.m.16 views

OESA-2026-1979 golang security update

. Security Fixes: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.10 views

PT-2026-24608

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

7.5CVSS5.7AI score0.00328EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/07 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-27142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with...

6.1CVSS7.6AI score0.00328EPSS
Exploits0References4
OSV
OSV
added 2026/03/06 10:16 p.m.10 views

AZL-79604 CVE-2026-27142 affecting package gcc 11.2.0-9

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS7.2AI score0.00328EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/06 9:3 p.m.3 views

Cross-site Scripting (XSS)

Overview std/html/template is a Go standard library package std/html/template Affected versions of this package are vulnerable to Cross-site Scripting XSS. Go Vulnerability Report:Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the met...

6.1CVSS5.5AI score0.00328EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.10 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from URLs that are inserted into the content attribute of HTML meta tags without being...

6.1CVSS7.1AI score0.00328EPSS
Exploits0References4
Rows per page
Query Builder