Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2026-1442)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1442 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks...

MGASA-2026-0035 Updated golang packages fix security vulnerabilities

net/http: memory exhaustion in Request.ParseForm. CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives. CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level. CVE-2025-61730 cmd/go: bypass of flag sanitization can lead to...

Amazon Linux 2 : cri-tools, --advisory ALAS2-2026-3135 (ALAS-2026-3135)

The version of cri-tools installed on the remote host is prior to 1.32.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3135 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary Z...

Amazon Linux 2 : golang-github-cpuguy83-go-md2man, --advisory ALAS2-2026-3137 (ALAS-2026-3137)

The version of golang-github-cpuguy83-go-md2man installed on the remote host is prior to 1.0.4-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3137 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service wh...

Medium: nerdctl

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

CVE-2025-68119

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

Golang 1.25.x < 1.25.6 Multiple Vulnerabilities

The version of Golang running on the remote host is 1.25.x prior to 1.25.6. It is, therefore, affected by multiple vulnerabilities as referenced in advisory. - bypass of flag sanitization can lead to arbitrary code execution. CVE-2025-61731 - unexpected code execution when invoking toolchain...

PT-2026-2482

Name of the Vulnerable Software and Affected Versions cmd/go affected versions not specified Description A malicious file created using cmd/go can result in a write operation to a file controlled by an attacker, with partial control over the file's content. The issue stems from the use of the 'cg...

PT-2026-2489

Name of the Vulnerable Software and Affected Versions Go affected versions not specified Description A flaw exists where downloading and building modules with malicious version strings can lead to local code execution. Systems utilizing Mercurial hg are susceptible to unexpected code execution wh...