Lucene search
K

46 matches found

Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46143

A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description MUD URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL,...

6.7CVSS5.7AI score0.00118EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/19 1:35 p.m.10 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS7AI score0.00308EPSS
Exploits0References7
OSV
OSV
added 2026/05/08 11:16 p.m.6 views

UBUNTU-CVE-2026-42307

Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...

4.4CVSS6AI score0.00774EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/07 3:49 a.m.10 views

EUVD-2026-28246

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...

9.1CVSS5.9AI score0.00727EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/27 12:0 a.m.33 views

CVE-2026-30351

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...

0.00446EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/22 7:9 a.m.8 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS6AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/08 2:7 p.m.4 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS6.2AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/02 2:18 p.m.6 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS6.1AI score0.00308EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/24 11:27 a.m.23 views

CVE-2019-25628 Download Accelerator Plus DAP 10.0.6.0 SEH Buffer Overflow

Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and...

9.8CVSS0.00802EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/02/27 9:54 p.m.11 views

CVE-2026-28417

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...

7.8CVSS6AI score0.01162EPSS
Exploits0
CVE
CVE
added 2026/01/12 5:52 p.m.24 views

CVE-2026-22250

CVE-2026-22250 affects the Weblate command-line client wlc . Prior to version 1.17.0, SSL verification could be skipped for certain crafted URLs, potentially allowing an attacker to access sensitive resources. Ubuntu USN-7981-1 summarizes the issue and notes an update is available; remediation is...

5.5CVSS6.4AI score0.00134EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/08/09 5:15 a.m.6 views

CVE-2025-4655

SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editor...

5.1CVSS0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/09 4:46 a.m.11 views

CVE-2025-4655

SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editor...

5.1CVSS0.00215EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/07/23 11:40 a.m.3 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01479EPSS
Exploits4References8
RedHat Linux
RedHat Linux
added 2025/07/21 3:2 p.m.4 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01479EPSS
Exploits4References8
OSV
OSV
added 2025/06/09 6:15 p.m.4 views

UBUNTU-CVE-2024-47081

Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be...

5.3CVSS6.7AI score0.00846EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2025/06/05 3:14 a.m.2 views

SUSE CVE-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

6.8CVSS7.4AI score0.006EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/01/28 9:36 a.m.6 views

git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs

A flaw was found in the Git LFS git extension. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters and then sends any credentials it receives back from the Gi...

8.5CVSS5.7AI score0.0104EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/01/23 5:59 p.m.22 views

git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs

A flaw was found in the Git LFS git extension. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters and then sends any credentials it receives back from the Gi...

8.5CVSS5.7AI score0.0104EPSS
Exploits0References7
OSV
OSV
added 2025/01/14 7:55 p.m.5 views

USN-7207-1 git vulnerabilities

It was discovered that Git incorrectly handled certain URLs when asking for credentials. An attacker could possibly use this issue to mislead the user into typing passwords for trusted sites that would then be sent to untrusted sites instead. CVE-2024-50349 It was discovered that git incorrectly...

7.5CVSS6.9AI score0.01019EPSS
Exploits0References3
Rows per page
Query Builder