Lucene search
K

386 matches found

OSV
OSV
added 2 days ago12 views

BIT-PYTHON-MIN-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7.1CVSS7.1AI score0.0029EPSS
Exploits0References58
OSV
OSV
added 2 days ago5 views

BIT-PYTHON-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References58
RedHat Linux
RedHat Linux
added 2 days ago8 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS6.9AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2 days ago7 views

Important: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.1CVSS7.5AI score0.0029EPSS
Exploits0References2
OSV
OSV
added 2026/06/27 6:4 a.m.3 views

RLSA-2026:28581 Important: python3.14 security, bug fix, and enhancement update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.1CVSS7.5AI score0.0029EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

EulerOS 2.0 SP15 : python3 (EulerOS-SA-2026-2507)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickli...

7.5CVSS6.7AI score0.00621EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.9 views

EulerOS 2.0 SP15 : python3 (EulerOS-SA-2026-2466)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickli...

7.5CVSS6.7AI score0.00621EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.7 views

SUSE SLES12: libpython2_7-1_0 / libpython2_7-1_0-32bit / python / python-32bit / etc (SUSE-SU-2026:2664-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2664-1 advisory. This update for python, python-base, python-doc fixes the following issues Security fixes: - CVE-2026-1703: files may be extracted outside the...

9.1CVSS7.8AI score0.00579EPSS
Exploits2References23
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.7 views

RockyLinux 9 : python3.14 (RLSA-2026:28247)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:28247 advisory. python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open API CVE-2026-4786 python: Python: Cross-Site Scripting XSS...

7.1CVSS6.4AI score0.0029EPSS
Exploits1References5
OSV
OSV
added 2026/06/24 12:3 p.m.4 views

RLSA-2026:28247 Important: python3.14 security, bug fix, and enhancement update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.1CVSS6.3AI score0.0029EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/24 5:8 a.m.8 views

Important: Red Hat Security Advisory: python3.14 security, bug fix, and enhancement update

An update for python3.14 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

7.1CVSS6.4AI score0.0029EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/24 5:8 a.m.6 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS6.8AI score0.00308EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.10 views

RHEL 9 : python3.14 (RHSA-2026:28247)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28247 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

7.1CVSS7.6AI score0.0029EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/06/23 11:39 p.m.7 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS6.1AI score0.00308EPSS
Exploits0References7
OSV
OSV
added 2026/06/23 12:0 a.m.4 views

ALSA-2026:28581 Important: python3.14 security, bug fix, and enhancement update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.1CVSS6.3AI score0.0029EPSS
Exploits1References6
OSV
OSV
added 2026/06/23 12:0 a.m.3 views

ALSA-2026:28247 Important: python3.14 security, bug fix, and enhancement update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.1CVSS6.3AI score0.0029EPSS
Exploits1References6
AlmaLinux
AlmaLinux
added 2026/06/23 12:0 a.m.5 views

Important: python3.14 security, bug fix, and enhancement update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.1CVSS6.3AI score0.0029EPSS
Exploits1References6
OSV
OSV
added 2026/06/19 9:44 a.m.4 views

SUSE-SU-2026:2464-1 Security update for python313

This update for python313 fixes the following issues Security issues: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: Base64 decoding stops at first padded quad by default bsc1261970. - CVE-2026-4786: oss-security CPython: Incomplete mitigati...

9.1CVSS6.3AI score0.00579EPSS
Exploits1References13
RedHat Linux
RedHat Linux
added 2026/06/16 7:53 a.m.6 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS6.5AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/16 7:53 a.m.8 views

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

9.1CVSS6.4AI score0.00579EPSS
Exploits0References3
Rows per page
Query Builder