Lucene search
+L

191 matches found

RedHat Linux
RedHat Linux
added 2026/04/21 11:45 a.m.9 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS6AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/21 11:42 a.m.60 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS6AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/11 7:41 p.m.3 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS6.8AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/08 2:7 p.m.4 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS6.2AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/02 2:18 p.m.6 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS6.1AI score0.00308EPSS
Exploits0References7
OSV
OSV
added 2026/03/27 10:16 p.m.3 views

DEBIAN-CVE-2026-33941

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

8.2CVSS5.6AI score0.00291EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 10:16 p.m.16 views

UBUNTU-CVE-2026-33941

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

8.2CVSS5.9AI score0.00291EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/03/27 9:13 p.m.5 views

CVE-2026-33941

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

8.2CVSS6AI score0.00291EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/27 9:13 p.m.27 views

CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

8.2CVSS0.00291EPSS
Exploits1References3
CVE
CVE
added 2026/03/27 9:13 p.m.98 views

CVE-2026-33941

The CVE-2026-33941 issue affects the Handlebars CLI precompiler (bin/handlebars, lib/precompiler.js) from versions 4.0.0–4.7.8, where user-controlled template filenames and CLI options are concatenated into the emitted JavaScript without escaping. An attacker who can influence filenames or argume...

8.2CVSS6AI score0.00291EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2026/03/27 9:13 p.m.5 views

CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

8.2CVSS6AI score0.00291EPSS
Exploits1References10
Snyk
Snyk
added 2026/03/27 6:22 p.m.2 views

Improper Encoding or Escaping of Output

Overview org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the CLI precompiler in lib/precompiler.js. An attacker can execute arbitrary JavaScript in the generated...

8.4CVSS6AI score0.00291EPSS
Exploits1References4
OSV
OSV
added 2026/03/25 8:44 a.m.3 views

BIT-LIBPYTHON-2026-4519 webbrowser.open() allows leading dashes in URLs

The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/03/22 12:25 a.m.5 views

SUSE CVE-2026-4519

The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References34
RedhatCVE
RedhatCVE
added 2026/03/20 9:17 p.m.6 views

CVE-2026-4519

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS5.9AI score0.00308EPSS
Exploits0References6
OSV
OSV
added 2026/03/20 3:8 p.m.1 views

CVE-2026-4519 webbrowser.open() allows leading dashes in URLs

The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...

7CVSS6.7AI score0.00308EPSS
Exploits0References74
CVE
CVE
added 2026/03/20 3:8 p.m.552 views

CVE-2026-4519

CVE-2026-4519 affects the Python webbrowser.open() API, where URLs with a leading dash could be treated as command‑line options by certain browsers. The published CVE description shows that the new behavior rejects leading dashes and recommends sanitizing URLs before passing them to webbrowser.op...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References71Affected Software1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.11 views

CPython 安全漏洞

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security vulnerability that stems from the webbrowser.open API accepting leading dashes in URLs. This could allow certain web browsers to treat these URLs as command-line options, resulting in securi...

7CVSS6.7AI score0.00308EPSS
Exploits0References6
OSV
OSV
added 2026/03/12 8:54 p.m.3 views

OPENSUSE-SU-2026:20361-1 Security update for osc, obs-scm-bridge

This update for osc, obs-scm-bridge fixes the following issues: Changes in osc: - 1.24.0 - Command-line: - Add '--target-owner' option to 'git-obs repo fork' command - Add '--self' parameter to fix 'no matching parent repo' error message in 'git-obs pr create' - Fix 'osc aggregatepac' for scmsync...

7.3CVSS6AI score0.00209EPSS
Exploits0References3
OSV
OSV
added 2026/02/06 8:14 p.m.10 views

CVE-2026-25731 Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Export

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection SSTI vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index...

7.8CVSS6.2AI score0.00241EPSS
Exploits2References4
Rows per page
Query Builder