Lucene search
+L

29 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/28 7:37 p.m.9 views

Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2026-2581 DESCRIPTION: This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici...

7.5CVSS5.6AI score0.00728EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/19 8:5 a.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2026-27142 DESCRIPTION: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an...

8.2CVSS8AI score0.00728EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.13 views

RHEL 9 : buildah (RHSA-2026:12030)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:12030 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

10CVSS7.1AI score0.01945EPSS
Exploits4References12
RedHat Linux
RedHat Linux
added 2026/04/16 10:51 a.m.6 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
Amazon
Amazon
added 2026/04/13 12:0 a.m.12 views

Important: containerd

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS6AI score0.01557EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.6 views

TencentOS Server 3: thunderbird (TSSA-2025:0600)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0600 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.8CVSS6.2AI score0.03123EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/11/08 10:57 p.m.4 views

CVE-2025-47912

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses and hostnames mus...

5.3CVSS6.8AI score0.00443EPSS
Exploits0References7
CVE
CVE
added 2025/10/29 10:10 p.m.50 views

CVE-2025-47912

CVE-2025-47912 is addressed in IBM Cloud Pak for Business Automation/IBM Business Automation Workflow container bulletins. The IBM advisories confirm that the vulnerability stems from a parsing flaw in the Parse function: it allows values other than IPv6 addresses to be placed inside square brack...

5.3CVSS6.5AI score0.00443EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.3 views

Unity Linux 20.1070a Security Update: firefox (UTSA-2025-987436)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987436 advisory. Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed websi...

6.5CVSS7.1AI score0.00285EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-15539

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.08325EPSS
Exploits1References17
RedHat Linux
RedHat Linux
added 2025/09/10 12:27 p.m.2 views

requests: Requests vulnerable to .netrc credentials leak via malicious URLs

A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue...

5.3CVSS6.6AI score0.00845EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.7 views

PT-2025-33336 · Cisco · Cisco Secure Firewall Threat Defense (Ftd)

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Threat Defense FTD Software affected versions not specified Description: A flaw exists in the Geolocation-Based Remote Access RA VPN feature that may allow a remote, unauthenticated attacker to circumvent configured HTTP...

5.8CVSS6.3AI score0.00482EPSS
Exploits0References6
Mozilla
Mozilla
added 2025/06/24 12:0 a.m.14 views

Security Vulnerabilities fixed in Firefox 140 — Mozilla

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. Th...

9.8CVSS7.6AI score0.03123EPSS
Exploits1References14Affected Software1
OSV
OSV
added 2025/06/16 1:37 a.m.11 views

USN-7568-1 requests vulnerabilities

Dennis Brinkrolf and Tobias Funke discovered that Requests did not correctly handle certain HTTP headers. A remote attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 14.04 LTS. CVE-2023-32681 Juho Forsén discovered that Requests did not correctly...

6.1CVSS6.7AI score0.02974EPSS
Exploits2References3
OSV
OSV
added 2025/06/09 6:15 p.m.8 views

AZL-63812 CVE-2024-47081 affecting package python-requests for versions less than 2.27.1-8

Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be...

5.3CVSS6.7AI score0.00845EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/05/03 9:30 p.m.22 views

Duplicate Advisory: `allowed_domains` can be bypassed by putting a decoy domain in http auth username portion of a URL

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-x39x-9qw5-ghrf. This link is maintained to preserve external references. Original Description In browser-use aka Browser Use before 0.1.45, URL parsing of alloweddomains is mishandled because userinfo can be...

4CVSS7AI score0.00445EPSS
Exploits0References5Affected Software1
F5 Networks
F5 Networks
added 2025/02/12 12:46 a.m.11 views

K000149757: Python vulnerability CVE-2022-0391

Security Advisory Description A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the U...

7.5CVSS7.1AI score0.08325EPSS
Exploits1
OSV
OSV
added 2024/08/05 7:49 p.m.14 views

GHSA-VF6R-87Q4-2VJF nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR

Summary The navigateTo function attempts to blockthe javascript: protocol, but does not correctly use API's provided by unjs/ufo. This library also contains parsing discrepancies. Details The function first tests to see if the specified URL has a protocol. This uses the unjs/ufo package for URL...

6.3CVSS5.9AI score0.0044EPSS
Exploits1References3
OSV
OSV
added 2024/01/02 5:15 a.m.9 views

AZL-45348 CVE-2023-26159 affecting package js-jquery 3.5.0-4

Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse function. When new URL throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect...

6.1CVSS6.7AI score0.00797EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2023/06/22 1:1 p.m.158 views

python: urllib.parse url blocklisting bypass

A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity...

7.5CVSS6.8AI score0.20459EPSS
Exploits3References5
Rows per page
Query Builder