CVE-2025-47911

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

CVE-2025-47911

The IBM Security Bulletin for ELM on Hybrid Cloud notes CVE-2025-47911 affects the underlying golang.org/x/net/html html.Parse function, which can exhibit quadratic parsing behavior on carefully crafted HTML inputs and may enable DoS. Affected product versions are ELM on Hybrid Cloud 1.0.0 to 1.3...

CVE-2025-58190

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

CVE-2025-58190 Infinite parsing loop in golang.org/x/net

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

CVE-2025-58190

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

EUVD-2025-206855

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

Infinite loop

Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Infinite loop via the html.Parse function. An attacker can cause resource exhaustion and disrupt service availability by submitting special...

GO-2026-4441 Infinite parsing loop in golang.org/x/net

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

GO-2026-4440 Quadratic parsing complexity in golang.org/x/net/html

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

ROS-20260205-73-0010

A vulnerability in the max20086parseregulatorsdt function of the Linux operating system kernel is related to incorrect resource initialization. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from Google, Inc. of the United States. There is a security vulnerability in Google Go, which stems from the html.Parse function in golang.org/x/net/html. When processing certain...

CVE-2026-25537

jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s...

CVE-2026-25157 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

Security update for protobuf

This update for protobuf fixes the following issues: CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Aurelia-Path < 1.1.7 - Prototype Pollution

Aurelia-path before 1.1.7 contains a prototype pollution caused by parsing malicious URL parameters, letting attackers modify Object.prototype, exploit requires the application to parse user-controlled URLs. id: CVE-2021-41097 info: name: Aurelia-Path 1.1.7 - Prototype Pollution author: 0xAkoko...

Parse Server - GraphQL Schema Information Disclosure

The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. id: CVE-2025-53364 info: name...

openSUSE 16 Security Update : gpg2 (openSUSE-SU-2026:20136-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20136-1 advisory. - CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys bsc1257396. - CVE-2026-24883: denial of service...

GHSA-H395-GR6Q-CPJC jsonwebtoken has Type Confusion that leads to potential authorization bypass

Summary: It has been discovered that there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s internal parsing mechanism...

CVE-2024-5986

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...

PT-2026-6431

Summary: It has been discovered that there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s internal parsing mechanism...