Lucene search
+L

215 matches found

osv
osv
added 2026/07/09 5:8 p.m.1 views

SUSE-SU-2026:2817-1 Security update for go1.25

This update for go1.25 fixes the following issues - Update to version go1.25.12 bsc1244485. - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27139: os: FileInfo can escape from a Root bsc1259268. - CVE-2026-27142: html/template: URLs in meta content...

7.8CVSS6.8AI score0.0052EPSS
Exploits0References14
amazon
amazon
added 2026/05/26 12:0 a.m.20 views

Important: cri-tools

Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...

7.5CVSS7.2AI score0.00813EPSS
Exploits0
susecve
susecve
added 2026/05/09 2:43 a.m.10 views

SUSE CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0References14
osv
osv
added 2026/05/07 7:41 p.m.2 views

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS6.4AI score0.00314EPSS
Exploits0References7
alpinelinux
alpinelinux
added 2026/05/07 7:41 p.m.21 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS7.3AI score0.00328EPSS
Exploits0
osv
osv
added 2026/05/07 7:21 p.m.17 views

GO-2026-4982 Bypass of meta content URL escaping causes XSS in html/template

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/07 12:0 a.m.10 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from incorrect escaping of URLs in the content attribute of meta tags, potentially leadin...

6.1CVSS5.7AI score0.00314EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/23 12:0 a.m.16 views

PT-2026-38565

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description URLs are not correctly escaped within the content attribute of a tag. If the URL content contains ASCII whitespaces around the = rune, the escaper fails to proce...

9.8CVSS5.8AI score0.00314EPSS
Exploits0
nessus
nessus
added 2026/04/13 12:0 a.m.2 views

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2026-1575)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1575 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...

7.5CVSS7.4AI score0.0052EPSS
Exploits0References8
osv
osv
added 2026/04/11 2:3 p.m.7 views

OESA-2026-1851 golang security update

. Security Fixes: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable...

6.1CVSS7.1AI score0.00328EPSS
Exploits0References2
redhat
redhat
added 2026/04/09 11:0 a.m.2 views

html/template: URLs in meta content attribute actions are not escaped in html/template

An input escaping flaw has been discovered in the golang html/template module. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added...

6.1CVSS6AI score0.00328EPSS
Exploits0References8
suse
suse
added 2026/03/24 8:54 a.m.17 views

Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 bsc1255111, jscSLE-18320: CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. CVE-2026-27138: crypto/x509:...

8.7CVSS6.1AI score0.00606EPSS
Exploits0References24
redhat
redhat
added 2026/03/20 7:45 p.m.3 views

html/template: URLs in meta content attribute actions are not escaped in html/template

An input escaping flaw has been discovered in the golang html/template module. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added...

6.1CVSS6.7AI score0.00328EPSS
Exploits0References8
osv
osv
added 2026/03/11 6:34 p.m.4 views

SUSE-SU-2026:0875-1 Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.8 bsc1244485: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27139: os: FileInfo can escape from a Root bsc1259268. - CVE-2026-27142: html/template: URLs in meta content attribute actio...

7.5CVSS5.8AI score0.0052EPSS
Exploits0References8
nvd
nvd
added 2026/03/06 10:16 p.m.6 views

CVE-2026-27142

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS0.00328EPSS
Exploits0References4
osv
osv
added 2026/03/06 10:16 p.m.10 views

AZL-79601 CVE-2026-27142 affecting package gcc 13.2.0-7

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS7.2AI score0.00328EPSS
Exploits0References1
osv
osv
added 2026/03/06 10:16 p.m.6 views

AZL-79616 CVE-2026-27142 affecting package golang 1.18.8-10

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS5.6AI score0.00328EPSS
Exploits0References1
osv
osv
added 2026/03/06 10:16 p.m.8 views

AZL-79637 CVE-2026-27142 affecting package python-tensorboard 2.11.0-3

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS5.6AI score0.00328EPSS
Exploits0References1
osv
osv
added 2026/03/06 10:16 p.m.4 views

DEBIAN-CVE-2026-27142

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS7.5AI score0.00328EPSS
Exploits0References1
cve
cve
added 2026/03/06 9:28 p.m.95 views

CVE-2026-27142

CVE-2026-27142 is disclosed as an issue where URLs inserted into the content attribute of HTML meta tags were not escaped, potentially enabling XSS when the meta tag has http-equiv="refresh". Public advisories (ALAS2-2026-3310, ALAS2-2026-3313, ALAS2-2026-3311, ALAS2023-2026-1771, etc.) link this...

6.1CVSS5.7AI score0.00328EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder