Lucene search
K

13 matches found

OSV
OSV
added 2026/05/18 1:56 p.m.8 views

CLEANSTART-2026-QI02196 Security fixes for CVE-2025-15558, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61732, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2026-40179, ghsa-9h8m-3fm2-qjrq, ghsa-jv3w-x3r3-g6rm, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3, ghsa-vffh-x6r8-xx99 applied in versions: 1.28.1-r0, 1.28.1-r1, 1.28.3-r0, 1.29.0-r0, 1.29.1-r0, 1.29.1-r1, 1.29.2-r0

Multiple security vulnerabilities affect the istio-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.9AI score0.01557EPSS
Exploits2References28
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.10 views

Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2026-107 (ALASDOCKER-2026-107)

"The version of soci-snapshotter installed on the remote host is prior to 0.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-107 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

9.1CVSS7.4AI score0.01557EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.14 views

Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2026-105 (ALASDOCKER-2026-105)

The version of runc installed on the remote host is prior to 1.3.4-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-105 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.2 views

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1574)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1574 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.8 views

Amazon Linux 2023 : yq (ALAS2023-2026-1582)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1582 advisory. The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially...

7.5CVSS7.3AI score0.00728EPSS
Exploits1References18
OSV
OSV
added 2026/04/01 9:35 a.m.6 views

CLEANSTART-2026-AP81168 Security fixes for CVE-2021-3538, CVE-2025-15558, CVE-2025-29923, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 2.13.4-r0, 2.13.5-r0, 2.13.5-r1

Multiple security vulnerabilities affect the harbor-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.9AI score0.02307EPSS
Exploits2References19
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.16 views

Amazon Linux 2023 : credentials-fetcher (ALAS2023-2026-1501)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1501 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...

7.5CVSS7.5AI score0.00728EPSS
Exploits0References8
OSV
OSV
added 2026/03/20 3:6 p.m.7 views

SUSE-SU-2026:0947-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to go 1.25.8 bsc1244485, jscSLE-18320: - CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated...

10CVSS7.3AI score0.00765EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.25 (SUSE-SU-2026:0875-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0875-1 advisory. Update to go1.25.8 bsc1244485: - CVE-2026-25679: net/url: reject IPv6 literal not at start of ho...

7.5CVSS5.9AI score0.00728EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/03/07 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-27142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with...

6.1CVSS7.6AI score0.00328EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/06 9:28 p.m.23 views

CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

0.00328EPSS
Exploits0References4
CVE
CVE
added 2026/03/06 9:28 p.m.91 views

CVE-2026-27142

CVE-2026-27142 is disclosed as an issue where URLs inserted into the content attribute of HTML meta tags were not escaped, potentially enabling XSS when the meta tag has http-equiv="refresh". Public advisories (ALAS2-2026-3310, ALAS2-2026-3313, ALAS2-2026-3311, ALAS2023-2026-1771, etc.) link this...

6.1CVSS5.7AI score0.00328EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/06 8:12 p.m.3 views

BELL-CVE-2026-27142

Bulletin has no description...

6.1CVSS5.7AI score0.00328EPSS
Exploits0References1
Rows per page
Query Builder