33 matches found
Important: Red Hat Security Advisory: python3.14 security update
An update for python3.14 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
cpython: Incomplete control character validation in http.cookies
A control character validation flaw has been discovered in the Python http.cookies module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output...
RHEL 10 : python3.12 (RHSA-2026:19064)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19064 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
ALSA-2026:10950 Important: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
CVE-2026-3644 Incomplete control character validation in http.cookies
The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output validation applie...
curl: SMTP CRLF Command Injection in CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT
libcurl's SMTP implementation accepts CR (\r) and LF (\n) bytes in mailbox address inputs without validation. These control characters are inserted directly into SMTP commands, allowing attackers to inject arbitrary SMTP protocol commands. This enables envelope manipulation, adding unauthorized...
EUVD-2011-2911
Malware in sbrugna...
EUVD-2023-52485
Malicious code in bioql PyPI...
EUVD-2023-53564
Malicious code in bioql PyPI...
EUVD-2023-55496
Malicious code in bioql PyPI...
EUVD-2023-48522
Malicious code in bioql PyPI...
EUVD-2023-55600
Malicious code in bioql PyPI...
EUVD-2023-53583
Malicious code in bioql PyPI...
EUVD-2023-49340
Malicious code in bioql PyPI...
EUVD-2023-55599
Malicious code in bioql PyPI...
EUVD-2023-50868
Malicious code in bioql PyPI...
EUVD-2023-48817
Malicious code in bioql PyPI...
EUVD-2023-48119
Malicious code in bioql PyPI...
EUVD-2023-49432
Malicious code in bioql PyPI...
EUVD-2023-49437
Malicious code in bioql PyPI...