Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.9 bsc1244485. CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. CVE-2026-27144: cmd/compile: no-op...

SUSE-SU-2026:0947-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to go 1.25.8 bsc1244485, jscSLE-18320: - CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated...

CVE-2019-11641

Anomali Agave formerly Drupot through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid this system...

Alibaba Cloud Linux 3 : 0163: gnutls (ALINUX3-SA-2025:0163)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0163 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-32988: A flaw was found in GnuTLS...

EUVD-2018-18851

Malware in sbrugna...

EUVD-2023-59254

Malicious code in bioql PyPI...

EUVD-2024-0935

Malicious code in bioql PyPI...

CVE-2024-22414

flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary javascript code. The html template user.html contains the following code snippet to render comments made by a user: comment2|safe . Use of the "safe" ta...

Linux Distros Unpatched Vulnerability : CVE-2023-24540

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set...

Important: amazon-ssm-agent

Issue Overview: The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. CVE-2021-43565 A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentification with R...

DEBIAN-CVE-2023-39319

The html/template package does not apply the proper rules for handling occurrences of " contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack...

GHSA-PP4C-2692-7F37 Plone Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVE-2021-38349

The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the errordescription parameter found in the /templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1...

CVE-2020-13343

An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template...

DEBIAN-CVE-2015-8862

mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting XSS attacks by leveraging a template with an attribute that is not quoted...

MGASA-2014-0469 Updated php-smarty packages fix security vulnerability

Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "literal" in a template CVE-2014-8350...