17 matches found

Github Security Blog
added 2026/05/06 10:39 p.m. | 1 view

MediaMTX affected by CVE-2026-27143 due to vulnerable dependency

Summary: Release 1.17.1 seems affected by CVE-2026-27143. golang 1.25.9 seems to solve the issue. Is there any new release planned? Details: See https://nvd.nist.gov/vuln/detail/CVE-2026-27143...

CVSS 9.8 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 4 | Affected Software 1
Tenable Nessus
added 2026/04/28 12:00 a.m. | 5 views

Oracle Linux 8 : go-toolset:ol8 (ELSA-2026-10704)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-10704 advisory. delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 Sync from CentOS Stream 9 - Related:...

CVSS 9.8 | AI score 5.6 | EPSS 0.00022
Exploits 0 | References 7
Oracle linux
added 2026/04/24 12:00 a.m. | 4 views

golang security update

1.25.9-1 - Update to Go 1.25.9 fips-2 - Resolves: RHEL-169931...

CVSS 9.8 | AI score 5.3 | EPSS 0.00022
Exploits 0
Tenable Nessus
added 2026/04/24 12:00 a.m. | 1 view

Oracle Linux 9 : golang (ELSA-2026-10219)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-10219 advisory. 1.25.9-1 - Update to Go 1.25.9 fips-2 - Resolves: RHEL-169931 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS 9.8 | AI score 5.6 | EPSS 0.00022
Exploits 0 | References 7
Oracle linux
added 2026/04/24 12:00 a.m. | 4 views

golang security update

1.25.9-3 - Do not ignore any tests in check 1.25.9-2 - Skip terminal test in container 1.25.9-1 - Update to Go 1.25.9 fips-2...

CVSS 9.8 | AI score 5.3 | EPSS 0.00022
Exploits 0
Tenable Nessus
added 2026/04/22 12:00 a.m. | 6 views

openSUSE 16 Security Update : go1.25 (openSUSE-SU-2026:20570-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20570-1 advisory. - Update to version go1.25.9 bsc1244485. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143:...

CVSS 9.8 | AI score 5.9 | EPSS 0.00022
Exploits 0 | References 28
OSV
added 2026/04/14 12:40 p.m. | 2 views

SUSE-SU-2026:1321-1 Security update for go1.25

This update for go1.25 fixes the following issues: - Update to go1.25.9 bsc1244485. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144: cmd/compile:...

CVSS 9.8 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 20
Snyk
added 2026/04/07 10:53 p.m. | 0 views

Allocation of Resources Without Limits or Throttling

Overview: std/crypto/tls is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: If one side of the TLS connection sends multiple key update messages post-handshake in a singl...

CVSS 8.7 | AI score 5.8 | EPSS 0.00019
Exploits 0 | References 3
OSV
added 2026/03/01 1:28 a.m. | 2 views

GHSA-6RXQ-Q92G-4RMF kaniko has tar archive path traversal in its build context extraction, allowing file writes outside destination directories

kaniko unpacks build context archives using filepath.Join(dest, cleanedName) without enforcing that the final path stays within dest. A tar entry like ../outside.txt escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this ca...

CVSS 8.2 | AI score 6.3 | EPSS 0.00075
Exploits 0 | References 6
OSV
added 2026/02/27 9:20 p.m. | 4 views

CVE-2026-28406 kaniko has tar archive path traversal in build context extraction allows writing files outside destination directory

kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using filepath.Join(dest, cleanedName) without enforcing that the final path stays within dest. A ta...

CVSS 8.2 | AI score 6.3 | EPSS 0.00075
Exploits 0 | References 5
RedhatCVE
added 2025/05/23 5:46 a.m. | 1 view

CVE-2023-48752

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS. This issue affects Form builder to get in touch with visitors, gro...

CVSS 7.1 | AI score 7 | EPSS 0.00193
Exploits 0 | References 1
OSV
added 2023/11/30 5:15 p.m. | 2 views

CVE-2023-48752

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS. This issue affects Form builder to get in touch with visitors, gro...

CVSS 6.1 | AI score 7.3 | EPSS 0.00193
Exploits 0 | References 1
Patchstack
added 2023/11/27 12:00 a.m. | 12 views

WordPress Happyforms Plugin <= 1.25.9 is vulnerable to Cross Site Scripting (XSS)

Software: Happyforms | Type: Plugin | Vulnerable versions: <= 1.25.9 | Fixed in: 1.25.10 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-48752 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 31f86188864b | Credits: Le Ngoc Anh | Required privilege...

CVSS 7.1 | AI score 6.8 | EPSS 0.00193
Exploits 0 | References 2 | Affected Software 1
CVE
added 2023/07/25 6:26 p.m. | 144 views

CVE-2023-35943

CVE-2023-35943 affects Envoy’s CORS filter: prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, removing the origin header between decodeHeaders and encodeHeaders can cause a segfault/crash. A fix is available in those branches (upgrade to a version that includes the patch, e.g., 1.27...

CVSS 7.5 | AI score 7.6 | EPSS 0.00011
Exploits 1 | References 1 | Affected Software 1
CBLMariner
added 2022/04/09 6:51 a.m. | 22 views

CVE-2021-33503 affecting package python-urllib3 for versions less than 1.25.9-3

CVE-2021-33503 affecting package python-urllib3 for versions less than 1.25.9-3. A patched version of the package is available...

CVSS 7.5 | AI score 7.9 | EPSS 0.00863
Exploits 0
OSV
added 2021/09/29 7:32 a.m. | 6 views

SUSE-SU-2021:3251-1 Security update for python-urllib3

This update for python-urllib3 fixes the following security issue: - CVE-2020-26137: A CRLF injection via HTTP request method was fixed (bsc1177120). Note that this was fixed in a previous version update to 1.25.9; this update just complements the tracking...

CVSS 6.5 | AI score 7.2 | EPSS 0.00279
Exploits 0 | References 3
OSV
added 2020/09/30 6:15 p.m. | 30 views

CVE-2020-26137

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...

CVSS 6.5 | AI score 4.7
Exploits 0 | References 8