python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

Docker Desktop Enhanced Container Isolation Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code within a container in order to exploit this vulnerability. The specific flaw exists within the processing of Docke...

RHEL 6 : python (RHSA-2026:10102)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:10102 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

RHEL 9 : python3.12 (RHSA-2026:10111)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:10111 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

@saltcorn/cli (>=1.6.0-alpha.0 <=1.6.0-alpha.17), @saltcorn/mobile-builder (>=1.6.0-alpha.0 <=1.6.0-alpha.17) potentially affected by unknown CVE via @saltcorn/server (>=1.6.0-alpha.0 <=1.6.0-alpha.9)

@saltcorn/server NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.17 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNSERVER-16318352...

@saltcorn/cli (>=1.0.0 <=1.4.3), @saltcorn/mobile-builder (>=1.0.0 <=1.4.3) potentially affected by unknown CVE via @saltcorn/server (>=1.0.0-beta.1 <=1.4.3)

@saltcorn/server NPM version =1.0.0-beta.1, =1.0.0, =1.0.0, =1.4.3 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNSERVER-16318352...

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

CVE-2026-40602

A flaw was found in the Home Assistant Command-line interface hass-cli. This command-line tool for Home Assistant used an unrestricted environment to handle Jinja2 templates, rather than a sandboxed one. A local user with high privileges could exploit this by providing malicious input within Jinj...

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

RHEL 9 : python3.11 (RHSA-2026:9705)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:9705 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

RHEL 8 : python3.11 (RHSA-2026:9591)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:9591 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

RHEL 7 : python (RHSA-2026:9614)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:9614 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVE-2026-40602

The Home Assistant Command-line interface hass-cli is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no...

Important: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...