Lucene search
K

199 matches found

Github Security Blog
Github Security Blog
added 2026/06/15 5:33 p.m.7 views

Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization

Description Symfony\Component\Routing\Generator\UrlGenerator::doGenerate percent-encodes . and .. path segments so that the generated URL still resolves to the originating route after RFC 3986 §5.2.4 dot-segment removal which strict RFC-3986 consumers — routers, reverse proxies, HTTP clients —...

5.3AI score0.00026EPSS
Exploits0References6Affected Software2
RedHat Linux
RedHat Linux
added 2026/03/24 10:39 a.m.5 views

python: cpython: URL parser allowed square brackets in domain names

A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...

6.3CVSS6.6AI score0.01499EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/22 4:52 p.m.5 views

EUVD-2026-3986

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through = 2.0.1...

5.4AI score0.00355EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/02 12:5 a.m.4 views

CVE-2025-61594

A flaw was found in the URI module. A remote attacker could exploit this vulnerability by using the + operator to combine Uniform Resource Identifiers URIs. This bypasses a previous fix and can lead to the leakage of sensitive information, such as user credentials passwords, from the original URI...

6.9CVSS5.8AI score0.0051EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/12/18 1:35 a.m.3 views

python: cpython: URL parser allowed square brackets in domain names

A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...

6.3CVSS7.2AI score0.01499EPSS
Exploits0References6
OSV
OSV
added 2025/11/26 1:31 a.m.1 views

ECHO-3986-A6D9-7D93

Bulletin has no description...

7.5CVSS6.9AI score0.04561EPSS
Exploits0References2
OSV
OSV
added 2025/10/29 11:16 p.m.6 views

CVE-2025-47912

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses and hostnames mus...

5.3CVSS5.8AI score
Exploits0References5
CVE
CVE
added 2025/10/29 10:10 p.m.48 views

CVE-2025-47912

CVE-2025-47912 is addressed in IBM Cloud Pak for Business Automation/IBM Business Automation Workflow container bulletins. The IBM advisories confirm that the vulnerability stems from a parsing flaw in the Parse function: it allows values other than IPv6 addresses to be placed inside square brack...

5.3CVSS6.5AI score0.00443EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/10/23 4:25 p.m.9 views

GO-2025-3986 vet MCP Server SSE Transport DNS Rebinding Vulnerability in github.com/safedep/vet

vet MCP Server SSE Transport DNS Rebinding Vulnerability in github.com/safedep/vet...

2.1CVSS6.9AI score0.0038EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-34319

Malicious code in bioql PyPI...

6.3CVSS6.7AI score0.0067EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-1935

Malicious code in bioql PyPI...

6.3CVSS6.8AI score0.01499EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-11168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not...

6.3CVSS6.4AI score0.0067EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/08/06 12:0 a.m.7 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1721)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.3CVSS7AI score0.0067EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/07/10 12:0 a.m.2 views

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2025-1809)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This...

6.3CVSS6.6AI score0.0067EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/06/12 12:0 a.m.6 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1675)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.3CVSS6.6AI score0.01499EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/06/12 12:0 a.m.6 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1676)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.3CVSS6.6AI score0.01499EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/12 12:0 a.m.3 views

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-1675)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid...

6.3CVSS6.8AI score0.01499EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/11 12:0 a.m.3 views

EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-1623)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid...

6.3CVSS6.8AI score0.01499EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/06/11 12:0 a.m.8 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1623)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.3CVSS8.6AI score0.01499EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/11 12:0 a.m.3 views

EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-1640)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid...

6.3CVSS6.8AI score0.01499EPSS
Exploits0References2
Rows per page
Query Builder