Lucene search
K

6 matches found

OSV
OSV
added 3 days ago12 views

BIT-PYTHON-MIN-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7.1CVSS7.1AI score0.0029EPSS
Exploits0References58
OSV
OSV
added 3 days ago5 views

BIT-PYTHON-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References58
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.7 views

SUSE SLES12: libpython2_7-1_0 / libpython2_7-1_0-32bit / python / python-32bit / etc (SUSE-SU-2026:2664-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2664-1 advisory. This update for python, python-base, python-doc fixes the following issues Security fixes: - CVE-2026-1703: files may be extracted outside the...

9.1CVSS7.8AI score0.00579EPSS
Exploits2References23
SUSE Linux
SUSE Linux
added 2026/05/25 2:2 p.m.11 views

Security update for python312

This update for python312 fixes the following issues CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. CVE-2026-4786: Incomplete mitigation of %action expansion for command injection to webbrowser.open bsc1262319. CVE-2026-6019: BaseCookie.jsoutput does not...

9.1CVSS7.8AI score0.00579EPSS
Exploits1References16
OSV
OSV
added 2026/05/04 8:53 a.m.6 views

CLSA-2026-1777884819 python3.9: Fix of CVE-2026-4786

CVE-2026-4786: fix webbrowser %action substitution bypass of the dash-prefix safety check by validating the post-substitution URL and expanding %action before %s in UnixBrowser argument assembly...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 8:29 a.m.7 views

CLSA-2026-1777883384 python3.11: Fix of CVE-2026-4786

CVE-2026-4786: fix webbrowser %action substitution bypass of dash-prefix check by validating url after %action expansion and reordering replace calls so the dash-prefix check sees the final argument...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References1
Rows per page
Query Builder