Lucene search
K

49 matches found

OSV
OSV
added 2026/07/02 6:5 p.m.4 views

SUSE-SU-2026:2733-1 Security update for buildah

This update for buildah fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267179. - CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE...

10CVSS6.4AI score0.00868EPSS
Exploits2References30
OSV
OSV
added 2026/05/27 2:20 p.m.8 views

SUSE-SU-2026:2096-1 Security update for yq

This update for yq fixes the following issues - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction bsc1241719. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTM...

7.5CVSS5.8AI score0.00781EPSS
Exploits1References9
Microsoft CVE
Microsoft CVE
added 2026/05/27 8:10 a.m.18 views

Invoking duplicate attributes can cause XSS in golang.org/x/net/html

...

6.1CVSS5.8AI score0.00178EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/05/27 8:5 a.m.15 views

Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

...

6.1CVSS5.8AI score0.00188EPSS
Exploits0
Snyk
Snyk
added 2026/05/22 5:42 p.m.10 views

Cross-site Scripting (XSS)

Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the writeQuoted function, which does not properly handle characters in DOCTYPE data. An attacker can cause the...

8.1CVSS5.7AI score0.00178EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/22 5:42 p.m.15 views

Cross-site Scripting (XSS)

Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the childTextNodesAreLiteral function in render.go. An attacker can cause the execution of scripts in the...

6.1CVSS5.7AI score0.00178EPSS
Exploits0References3
CVE
CVE
added 2026/05/22 3:1 p.m.85 views

CVE-2026-25681

CVE-2026-25681 affects the golang.org/x/net/html component. The root cause is an incorrect handling of character references in DOCTYPE nodes, which can cause an unexpected HTML tree when rendering and potentially enable XSS in applications that sanitize input HTML before rendering. The descriptio...

6.1CVSS6AI score0.00178EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/22 3:1 p.m.7 views

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6AI score0.00188EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/22 3:1 p.m.16 views

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

0.00188EPSS
Exploits0References4
CVE
CVE
added 2026/05/22 3:1 p.m.191 views

CVE-2026-25680

CVE-2026-25680 affects the Go ecosystem’s HTML parser in golang.org/x/net/html. Description: parsing arbitrary HTML can cause excessive CPU time, potentially leading to denial of service. CVSSv3.1 base score 6.5 (Network, Low attack complexity, User interaction required, Availability impact). Con...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/22 3:1 p.m.21 views

CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

0.00248EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in containerd-app

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to a Denial-of-Service DoS attack if an attacker provides specially crafted HTML content...

5.3CVSS6.7AI score0.00482EPSS
Exploits1References2
OSV
OSV
added 2026/02/12 10:6 p.m.5 views

GHSA-W4GW-W5JQ-G9JH golang.org/x/net/html has a Quadratic Parsing Complexity issue

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to Denial of Service DoS if an attacker provides specially crafted HTML content...

5.3CVSS5.4AI score0.00502EPSS
Exploits0References6
OSV
OSV
added 2026/02/05 6:16 p.m.12 views

AZL-77049 CVE-2025-58190 affecting package sriov-network-device-plugin for versions less than 3.6.2-11

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS6.7AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2026/02/05 6:16 p.m.4 views

DEBIAN-CVE-2025-58190

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS8AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2026/02/05 6:16 p.m.8 views

AZL-76830 CVE-2025-47911 affecting package cf-cli for versions less than 8.4.0-27

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.3AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 6:16 p.m.6 views

AZL-76863 CVE-2025-47911 affecting package gh for versions less than 2.13.0-26

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.2AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 6:16 p.m.5 views

CVE-2025-47911

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS5.7AI score
Exploits0References4
Cvelist
Cvelist
added 2026/02/05 5:48 p.m.28 views

CVE-2025-47911 Quadratic parsing complexity in golang.org/x/net/html

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

0.00502EPSS
Exploits0References4
CVE
CVE
added 2026/02/05 5:48 p.m.74 views

CVE-2025-47911

The IBM Security Bulletin for ELM on Hybrid Cloud notes CVE-2025-47911 affects the underlying golang.org/x/net/html html.Parse function, which can exhibit quadratic parsing behavior on carefully crafted HTML inputs and may enable DoS. Affected product versions are ELM on Hybrid Cloud 1.0.0 to 1.3...

5.3CVSS8AI score0.00502EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder