Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

...

CVE-2026-42506

CVE-2026-42506 affects the Go ecosystem, specifically parsing in golang.org/x/net/html. The root cause is "invoking incorrect handling of namespaced elements in foreign content" which can produce an unexpected HTML tree during rendering. This can enable XSS in applications that sanitize input HTM...

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

GO-2026-5025 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

Kubewarden vulnerable to RBAC Reconnaissance via unchecked can_i host capability call

Impact Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden promises is that configured users can deploy namespaced policies in a safe manne...

PT-2026-37269

Name of the Vulnerable Software and Affected Versions Kubewarden versions prior to 1.35.0 Description An attacker with permissions to create AdmissionPolicy or AdmissionPolicyGroup can craft a policy using the can i host callback to enumerate RBAC permissions of any user or service account across...

SUSE CVE-2025-24376

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided by the user when...

CVE-2025-24376 The kubewarden-controller AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided by the user when...

SUSE SLES15 Security Update : kubernetes1.23 (SUSE-SU-2023:2292-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2292-1 advisory. - Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. CVE-2021-25749...

kubernetes: Unauthorized read of Custom Resources

A flaw was found in kubernetes. Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different kind in the same API group they are not authorized to read...

SUSE CVE-2019-11247

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

Design/Logic Flaw

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

Fedora 30 : php-twig2 (2019-c7c03cd449)

Version 2.7.2 2019-03-12 - added TemplateWrapper::getTemplateName ---- Version 2.7.1 2019-03-12 - fixed class aliases ---- Version 2.7.0 2019-03-12 - fixed sandbox security issue under some circumstances, calling the toString method on an object was possible even if not allowed by the security...

Fedora 28 : php-twig2 (2019-e86155be6e)

Version 2.7.2 2019-03-12 - added TemplateWrapper::getTemplateName ---- Version 2.7.1 2019-03-12 - fixed class aliases ---- Version 2.7.0 2019-03-12 - fixed sandbox security issue under some circumstances, calling the toString method on an object was possible even if not allowed by the security...

OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0002)

The remote OracleVM system is missing necessary patches to address critical security updates : - rds: congestion updates can be missed when kernel low on memory Mukesh Kacker Orabug: 28425811 - net/rds: ib: Fix endless RNR Retries caused by memory allocation failures Venkat Venkatsubra Orabug:...

glibc - getcwd() Local Privilege Escalation Exploit

Exploit for linux platform in category local exploits / This software is provided by the copyright owner "as is" and any expressed or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall...