Lucene search
K

235 matches found

Snyk
Snyk
added 2026/03/11 10:40 p.m.4 views

Improper Encoding or Escaping of Output

Overview shescape is a simple shell escape library Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the escape function. An attacker can cause unintended expansion of shell arguments by supplying input containing square brackets, which may result in...

6.9CVSS5.8AI score0.00214EPSS
Exploits1References2
OSV
OSV
added 2026/03/11 7:53 p.m.3 views

GHSA-9JFH-9XRQ-4VWM Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash

Summary Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like secret12 to expand into multiple filesystem matches instead of a single...

6.9CVSS5.9AI score0.00214EPSS
Exploits1References6
GithubExploit
GithubExploit
added 2026/01/27 4:29 p.m.163 views

Lab-Reflected-XSS-into-attribute-with-angle-brackets-HTML-encoded

Reflected XSS - Attribute Injection A simple demonstration of...

6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.8 views

MiracleLinux 8 : python39:3.9 (AXSA:2025-11636:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11636:01 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used CVE-2024-5642 python: Virtual environment venv activation scripts...

9.4CVSS6.8AI score0.01499EPSS
Exploits14References13
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.1 views

MiracleLinux 9 : python3.11-3.11.11-2.el9 (AXSA:2025-10375:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10375:03 advisory. python: cpython: URL parser allowed square brackets in domain names CVE-2025-0938 Tenable has extracted the preceding description block directly from the...

6.3CVSS6.8AI score0.01499EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.2 views

MiracleLinux 9 : python3.12-3.12.9-1.el9 (AXSA:2025-10388:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10388:05 advisory. python: cpython: URL parser allowed square brackets in domain names CVE-2025-0938 Tenable has extracted the preceding description block directly from the...

6.3CVSS6.8AI score0.01499EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/09 12:0 a.m.7 views

Siemens Ruggedcom ROX Improper Input Validation (CVE-2025-0938)

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3CVSS6.7AI score0.01499EPSS
Exploits0References3
OSV
OSV
added 2026/01/07 3:44 p.m.4 views

CLSA-2026-1767800687 python2: Fix of CVE-2025-0938

CVE-2025-0938: disallow square brackets in domain names for parsed URLs to prevent differential URL parsing...

6.3CVSS6.7AI score0.01499EPSS
Exploits0References1
OSV
OSV
added 2026/01/07 3:34 p.m.7 views

CLSA-2026-1767800092 python2: Fix of CVE-2025-0938

CVE-2025-0938: disallow square brackets in domain names for parsed URLs to prevent differential URL parsing...

6.3CVSS6.7AI score0.01499EPSS
Exploits0References1
OSV
OSV
added 2026/01/05 4:8 p.m.5 views

CLSA-2026-1767629333 python2: Fix of CVE-2025-0938

CVE-2025-0938: disallow square brackets in domain names for parsed URLs to prevent differential URL parsing...

6.3CVSS6.5AI score0.01499EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/12/18 1:35 a.m.3 views

python: cpython: URL parser allowed square brackets in domain names

A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...

6.3CVSS7.2AI score0.01499EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.7 views

RockyLinux 8 : python39:3.9 (RLSA-2025:23530)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:23530 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used CVE-2024-5642 python: Virtual environment venv activation scripts don'...

9.4CVSS6.8AI score0.01499EPSS
Exploits14References25
AlmaLinux
AlmaLinux
added 2025/12/17 12:0 a.m.8 views

Important: python39:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.4CVSS7AI score0.01499EPSS
Exploits14References26
OSV
OSV
added 2025/12/12 12:20 p.m.6 views

OESA-2025-2828 golang security update

. Security Fixes: The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses...

7.5CVSS6.9AI score0.00626EPSS
Exploits0References5
OSV
OSV
added 2025/12/12 12:20 p.m.2 views

OESA-2025-2826 golang security update

. Security Fixes: The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses...

5.3CVSS6.8AI score0.00534EPSS
Exploits0References3
Amazon
Amazon
added 2025/12/08 12:0 a.m.5 views

Important: cri-tools

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS8.9AI score0.00626EPSS
Exploits0
Amazon
Amazon
added 2025/12/08 12:0 a.m.7 views

Important: cni-plugins

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS8.9AI score0.00626EPSS
Exploits0
Amazon
Amazon
added 2025/12/08 12:0 a.m.9 views

Important: cni-plugins

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS8.9AI score0.00626EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.15 views

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2ECS-2025-080 (ALASECS-2025-080)

The version of oci-add-hooks installed on the remote host is prior to 0-0.5.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-080 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values...

7.5CVSS7.4AI score0.00626EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.8 views

Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2025-082 (ALASDOCKER-2025-082)

The version of containerd installed on the remote host is prior to 2.1.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-082 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6...

7.5CVSS7.3AI score0.00626EPSS
Exploits0References22
Rows per page
Query Builder