BIT-PYTHON-2026-4519 webbrowser.open() allows leading dashes in URLs
The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...
EUVD-2025-208960
Zimbra Collaboration Suite (ZCS) PostJournal service version 8.8.15 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by exploiting improper sanitization of the RCPT TO parameter via SMTP injection. Attackers can inject shell...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Net-CIDR vulnerability (USN-8110-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8110-1 advisory. Dave Rolsky discovered that Net-CIDR did not properly sanitize IP addresses. An attacker could possibl...
USN-8110-1: Net-CIDR vulnerability
Dave Rolsky discovered that Net-CIDR did not properly sanitize IP addresses. An attacker could possibly use this to bypass IP-based restrictions...
USN-8110-1 libnet-cidr-perl vulnerability
Dave Rolsky discovered that Net-CIDR did not properly sanitize IP addresses. An attacker could possibly use this to bypass IP-based restrictions...
CVE-2026-31859
CVE-2026-31859 (Craft CMS): Craft CMS is vulnerable to a reflective XSS via incomplete return URL sanitization. The fix for CVE-2025-35939 added a strip_tags() call in src/web/User.php to sanitize return URLs, but strip_tags() only strips HTML tags and does not validate URL schemes. Payloads suc...
CraftCMS vulnerable to reflective XSS via incomplete return URL sanitization
Summary: The fix for CVE-2025-35939 in craftcms/cms introduced a strip_tags() call in src/web/User.php to sanitize return URLs before they are stored in the session. However, strip_tags() only removes HTML tags (angle brackets); it does not inspect or filter URL schemes. Payloads like...
EUVD-2005-2663
Malware in sbrugna...
PT-2025-37225
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to module loading time optimization. Specifically, the module_frob_arch_sections function utilizes a counting algorithm with O(n^2) complexity wh...
CVE-2025-57665
Element Plus Link component (el-link) through 2.10.6 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes user-controlled href values directly to underlying anchor elements without protocol...
Linux Distros Unpatched Vulnerability : CVE-2019-16222
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks...
USN-7705-1: Tomcat vulnerabilities
It was discovered that Tomcat did not correctly handle case sensitivity. An attacker could possibly use this issue to bypass authentication mechanisms. (CVE-2025-46701) Elysee Franchuk discovered that Tomcat did not correctly limit the number of attributes for a session. An attacker could possibly...
USN-7705-1 tomcat10 vulnerabilities
It was discovered that Tomcat did not correctly handle case sensitivity. An attacker could possibly use this issue to bypass authentication mechanisms. (CVE-2025-46701) Elysee Franchuk discovered that Tomcat did not correctly limit the number of attributes for a session. An attacker could possibly...
go-retryablehttp: url might write sensitive information to log file
A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity...
DEBIAN-CVE-2020-4048
In affected versions of WordPress, due to an issue in wp_validate_redirect and URL sanitization, an arbitrary external link can be crafted leading to an unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release...
ffmpeg/ffmpeg_AV_CODEC_ID_HYMT_fuzzer: Crash in ff_add_hfyu_left_pred_bgr32_sse2
Project: https://git.ffmpeg.org/ffmpeg.git Detailed report: https://oss-fuzz.com/testcase?key=5729689379799040 Project: ffmpeg Fuzzer: afl_ffmpeg_AV_CODEC_ID_HYMT_fuzzer Fuzz target binary: ffmpeg_AV_CODEC_ID_HYMT_fuzzer Job Type: afl_asan_ffmpeg Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address:...
unicorn/fuzz_emu_arm64_arm: Crash in reset_temp_aarch64
Project: https://github.com/unicorn-engine/unicorn.git Detailed report: https://oss-fuzz.com/testcase?key=5758411325571072 Project: unicorn Fuzzer: afl_unicorn_fuzz_emu_arm64_arm Fuzz target binary: fuzz_emu_arm64_arm Job Type: afl_asan_unicorn Platform Id: linux Crash Type: UNKNOWN READ Crash Address:...
USN-3275-3 openjdk-7 regression
USN-3275-2 fixed vulnerabilities in OpenJDK 7. Unfortunately, the update introduced a regression when handling TLS handshakes. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenJDK improperly re-used cached NTLM connections in...
USN-3275-1 openjdk-8 vulnerabilities
It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. CVE-2017-3509 It was discovered that an untrusted library search path fl...