
4 matches found

Amazon
added 2026/04/30 12:0 a.m., 6 views

Important: python3.11

Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

CVSS: 9.1, AI score: 4.7, EPSS: 0.00205
Exploits: 0
CVE
added 2026/02/06 4:41 p.m., 12 views

CVE-2026-23738

CVE-2026-23738 affects Asterisk; prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user-supplied cookie/GET parameter values are echoed into the HTML of the /httpstatus page without escaping, enabling reflected XSS. The issue is mitigated by upgrading to the patched series (20.7...

CVSS: 6.1, AI score: 5.3, EPSS: 0.00051
Exploits: 0, References: 1, Affected Software: 2
Tenable Nessus
added 2025/08/20 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-33621

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use...

CVSS: 8.8, AI score: 6.8, EPSS: 0.01013
Exploits: 1, References: 2
OSV
added 2023/05/08 2:15 p.m., 2 views

CVE-2023-1650

The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog...

CVSS: 9.8, AI score: 7.3, EPSS: 0.26028
Exploits: 2, References: 1