Lucene search
K

12932 matches found

OSV
OSV
added 2026/04/07 12:1 a.m.8 views

RLSA-2026:6283 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.1CVSS5.9AI score0.00308EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

FTL 注入漏洞

FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTL from 6.0 to 6.6 had a injection vulnerability. This vulnerability stemmed from configuration parameters of upstream DNS servers, allowing authenticated attackers to inject arbitrary...

8.8CVSS6AI score0.00859EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

FTL 注入漏洞

FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTL from 6.0 to 6.6 had a injection vulnerability. This vulnerability stemmed from configuration parameters in DNS host records, allowing authenticated attackers to inject arbitrary dnsmas...

8.8CVSS6AI score0.00537EPSS
Exploits0References1
OSV
OSV
added 2026/04/07 12:0 a.m.5 views

ALSA-2026:6766 Important: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.1CVSS5.7AI score0.00308EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

FTL 注入漏洞

FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTL from 6.0 to 6.6 had a injection vulnerability. This vulnerability stemmed from the DNS CNAME record configuration parameters, allowing authenticated attackers to inject arbitrary dnsma...

8.8CVSS6AI score0.00686EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.8 views

RHEL 9 : python3.9 (RHSA-2026:6766)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6766 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2026/04/07 12:0 a.m.7 views

Important: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/06 9:31 p.m.4 views

EUVD-2026-19440

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $ or backtick expressions in...

8.4CVSS6.2AI score0.00041EPSS
Exploits0References3
CVE
CVE
added 2026/04/06 6:58 p.m.13 views

CVE-2026-35020

CVE-2026-35020 entry is rejected/not used by the CNA.

6.2AI score0.00114EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/06 5:43 p.m.2 views

CVE-2026-35167 Kedro has a path traversal in versioned dataset loading via unsanitized version string

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

7.1CVSS5.9AI score0.00327EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/06 4:58 p.m.5 views

CVE-2026-34769

A flaw was found in Electron, a framework for building desktop applications. This vulnerability arises from an undocumented commandLineSwitches webPreference that allows arbitrary command-line switches to be appended to the renderer process. A remote attacker could exploit this by providing...

7.8CVSS6.2AI score0.00295EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/06 4:10 p.m.18 views

CVE-2026-34975 Plunk has a CRLF Email Header Injection in raw MIME message construction allows authenticated API user to inject arbitrary email headers

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where user-supplied values for from.name, subject, custom header keys/values, and attachment filenames were interpolated directly into raw MIME...

8.5CVSS0.00194EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/04/06 4:10 p.m.4 views

CVE-2026-34975 Plunk has a CRLF Email Header Injection in raw MIME message construction allows authenticated API user to inject arbitrary email headers

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where user-supplied values for from.name, subject, custom header keys/values, and attachment filenames were interpolated directly into raw MIME...

8.5CVSS6.1AI score0.00194EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2026/04/06 12:0 a.m.4 views

MiracleLinux 8 : python3-3.6.8-75.el8_10.ML.1 (AXSA:2026-407:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-407:04 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/06 12:0 a.m.4 views

RockyLinux 8 : python3.11 (RLSA-2026:6281)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6281 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly fro...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References3
Hacker One
Hacker One
added 2026/04/05 8:31 p.m.108 views

curl: SMTP Command Injection via CRLF in libcurl MAIL_FROM / MAIL_RCPT (lib/smtp.c)

Summary libcurl’s SMTP implementation fails to properly sanitize CRLF sequences in user-controlled inputs passed via CURLOPTMAILFROM and CURLOPTMAILRCPT. The function smtpparseaddress lib/smtp.c:277 extracts any data following the closing character as a raw suffix and incorporates it directly int...

6.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.4 views

MiracleLinux 8 : python3.11-3.11.13-6.el8_10 (AXSA:2026-393:08)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-393:08 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/03 11:33 p.m.2 views

CVE-2026-34769 Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Ap...

7.7CVSS5.9AI score0.00295EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/03 11:33 p.m.21 views

CVE-2026-34769 Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Ap...

7.7CVSS0.00295EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/04/03 11:27 p.m.3 views

SUSE CVE-2026-23459

In the Linux kernel, the following vulnerability has been resolved: iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats. iptunnelxmitstats was assuming tunnels were only using NETDEVPCPUSTATTSTATS...

8.2CVSS5.7AI score0.00299EPSS
Exploits0References3
Rows per page
Query Builder