Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Tenable Nessus
Tenable Nessusadded 2026/04/02 12:0 a.m.3 views

FreeBSD : Python -- The webbrowser.open() API allows leading dashes (9fdad262-2e0f-11f1-88c7-00a098b42aeb)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9fdad262-2e0f-11f1-88c7-00a098b42aeb advisory. https://github.com/python/cpython/pull/143931 reports: The webbrowser.open API would accept leading...

7CVSS5.8AI score0.00015EPSS
Exploits0References3
Snyk
Snykadded 2026/03/20 4:42 p.m.2 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the webbrowser.open function. An attacker can execute arbitrary browser command-line options by supplying a URL with leading dashes, potentially causing unintended browser behavior or security bypass...

7.1CVSS6.1AI score0.00015EPSS
Exploits0References2
OSV
OSVadded 2026/03/20 3:8 p.m.3 views

PSF-2026-14

The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...

7CVSS5.8AI score0.00015EPSS
Exploits0References15
Rows per page
Query Builder