MiracleLinux 9 : python3.11-3.11.13-5.2.el9_7 (AXSA:2026-385:07)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-385:07 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly...

RHEL 8 : python3 (RHSA-2026:6473)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6473 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

ALSA-2026:6473 Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

📄 Bloomberg Memray Cross Site Scripting

Bloomberg Memray prior to versions 1.19.2 rendered the command line of the tracked process directly into generated HTML reports without escaping, allowing for cross site scripting attacks. CVE-2026-32722 Bloomberg Memray’s Stored XSS via Unescaped Command-Line Metadata Intro I found this issue...

Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

GHSA-WWPW-HRX8-79R5 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard

Summary The AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition !phpsapiname === 'cli' never evaluates to true due to how PHP...

Access Control Bypass

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Access Control Bypass due to a PHP operator precedence issue in the CLI access guard of the install/deleteSystemdPrivate.php script. An attacker can cause deletion...

AlmaLinux 8 : python3.12 (ALSA-2026:6283)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:6283 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly from...

AlmaLinux 9 : python3.11 (ALSA-2026:6286)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:6286 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly from...

AlmaLinux 9 : python3.12 (ALSA-2026:6285)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:6285 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly from...

Credential Exposure

Overview openssl-encrypt is an A package for secure file encryption and decryption based on modern ciphers using heavy-compute-load chaining of hashing and KDF to generate strong encryption password based on users provided password to ensure secure encryption of files Affected versions of this...

CVE-2026-34733 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition...

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

Permissive Cross-domain Policy with Untrusted Domains

Overview Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the CLI MCP server. An attacker can gain unauthorized access to privileged tools by issuing cross-origin requests from a malicious website on the same machine, leveraging the...

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...