199 matches found
Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization
Description Symfony\Component\Routing\Generator\UrlGenerator::doGenerate percent-encodes . and .. path segments so that the generated URL still resolves to the originating route after RFC 3986 §5.2.4 dot-segment removal which strict RFC-3986 consumers — routers, reverse proxies, HTTP clients —...
python: cpython: URL parser allowed square brackets in domain names
A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...
EUVD-2026-3986
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through = 2.0.1...
CVE-2025-61594
A flaw was found in the URI module. A remote attacker could exploit this vulnerability by using the + operator to combine Uniform Resource Identifiers URIs. This bypasses a previous fix and can lead to the leakage of sensitive information, such as user credentials passwords, from the original URI...
python: cpython: URL parser allowed square brackets in domain names
A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...
ECHO-3986-A6D9-7D93
Bulletin has no description...
CVE-2025-47912
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses and hostnames mus...
CVE-2025-47912
CVE-2025-47912 is addressed in IBM Cloud Pak for Business Automation/IBM Business Automation Workflow container bulletins. The IBM advisories confirm that the vulnerability stems from a parsing flaw in the Parse function: it allows values other than IPv6 addresses to be placed inside square brack...
GO-2025-3986 vet MCP Server SSE Transport DNS Rebinding Vulnerability in github.com/safedep/vet
vet MCP Server SSE Transport DNS Rebinding Vulnerability in github.com/safedep/vet...
EUVD-2024-34319
Malicious code in bioql PyPI...
EUVD-2025-1935
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-11168
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1721)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP10 : python3 (EulerOS-SA-2025-1809)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1675)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1676)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-1675)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid...
EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-1623)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1623)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-1640)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid...