Lucene search
K

13 matches found

OSV
OSV
added 2026/05/18 1:56 p.m.8 views

CLEANSTART-2026-QI02196 Security fixes for CVE-2025-15558, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61732, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2026-40179, ghsa-9h8m-3fm2-qjrq, ghsa-jv3w-x3r3-g6rm, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3, ghsa-vffh-x6r8-xx99 applied in versions: 1.28.1-r0, 1.28.1-r1, 1.28.3-r0, 1.29.0-r0, 1.29.1-r0, 1.29.1-r1, 1.29.2-r0

Multiple security vulnerabilities affect the istio-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.9AI score0.01557EPSS
Exploits2References28
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.10 views

Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2026-107 (ALASDOCKER-2026-107)

"The version of soci-snapshotter installed on the remote host is prior to 0.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-107 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

9.1CVSS7.4AI score0.01557EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.14 views

Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2026-105 (ALASDOCKER-2026-105)

The version of runc installed on the remote host is prior to 1.3.4-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-105 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.8 views

Amazon Linux 2023 : yq (ALAS2023-2026-1582)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1582 advisory. The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially...

7.5CVSS7.3AI score0.00728EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.2 views

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1574)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1574 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References8
OSV
OSV
added 2026/04/01 9:35 a.m.5 views

CLEANSTART-2026-AP81168 Security fixes for CVE-2021-3538, CVE-2025-15558, CVE-2025-29923, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 2.13.4-r0, 2.13.5-r0, 2.13.5-r1

Multiple security vulnerabilities affect the harbor-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.9AI score0.02307EPSS
Exploits2References19
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.16 views

Amazon Linux 2023 : credentials-fetcher (ALAS2023-2026-1501)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1501 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...

7.5CVSS7.5AI score0.00728EPSS
Exploits0References8
OSV
OSV
added 2026/03/20 3:6 p.m.7 views

SUSE-SU-2026:0947-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to go 1.25.8 bsc1244485, jscSLE-18320: - CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated...

10CVSS7.3AI score0.00765EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.25 (SUSE-SU-2026:0875-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0875-1 advisory. Update to go1.25.8 bsc1244485: - CVE-2026-25679: net/url: reject IPv6 literal not at start of ho...

7.5CVSS5.9AI score0.00728EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/03/07 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-27142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with...

6.1CVSS7.6AI score0.00328EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/06 9:28 p.m.23 views

CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

0.00328EPSS
Exploits0References4
CVE
CVE
added 2026/03/06 9:28 p.m.91 views

CVE-2026-27142

CVE-2026-27142 is disclosed as an issue where URLs inserted into the content attribute of HTML meta tags were not escaped, potentially enabling XSS when the meta tag has http-equiv="refresh". Public advisories (ALAS2-2026-3310, ALAS2-2026-3313, ALAS2-2026-3311, ALAS2023-2026-1771, etc.) link this...

6.1CVSS5.7AI score0.00328EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/06 8:12 p.m.2 views

BELL-CVE-2026-27142

Bulletin has no description...

6.1CVSS5.7AI score0.00328EPSS
Exploits0References1
Rows per page
Query Builder