Lucene search
K

957 matches found

OSV
OSV
added 2026/04/30 11:30 a.m.7 views

CLSA-2026-1777548617 Fix CVE(s): CVE-2026-4519, CVE-2026-4786

SECURITY UPDATE: webbrowser.open accepts URLs with leading dashes - debian/patches/CVE-2026-4519-CVE-2026-4786.patch: reject URLs whose lstrip starts with '-' in Lib/webbrowser.py; also fix bypass via %action substitution in UnixBrowser.open. - CVE-2026-4519 - CVE-2026-4786...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
Fedora
Fedora
added 2026/04/25 1:55 a.m.10 views

[SECURITY] Fedora 44 Update: zeal-0.8.0-2.fc44

Zeal is a simple offline documentation browser inspired by Dash...

5.3AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/23 4:40 p.m.9 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS6AI score0.00308EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

Duplicate Advisory: uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwm6-q8ch-hcfr. This link is maintained to preserve external references. Original Description A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the install utility of uutils coreutils when using the ...

6.3CVSS6AI score0.00108EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/22 5:16 p.m.12 views

CVE-2026-35356

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file...

6.3CVSS0.00108EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/22 2:6 p.m.6 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS6AI score0.00308EPSS
Exploits0References7
CBLMariner
CBLMariner
added 2026/04/21 1:37 a.m.6 views

CVE-2026-27447 affecting package cups for versions less than 2.4.17-1

CVE-2026-27447 affecting package cups for versions less than 2.4.17-1. An upgraded version of the package is available that resolves this issue...

6.3CVSS5.7AI score0.00317EPSS
Exploits1
OSV
OSV
added 2026/04/16 12:15 p.m.4 views

MAL-2026-2700 Malicious code in conventional-changelog-dash (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 881ccc3d6c947645ee3866499931db298b0f2f7ac4a3d41dd9acf806d4e6d702 The package conventional-changelog-dash was found to contain malicious code. Source: ossf-package-analysis...

5.7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/16 12:15 p.m.6 views

Malicious code in conventional-changelog-dash (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 881ccc3d6c947645ee3866499931db298b0f2f7ac4a3d41dd9acf806d4e6d702 The package conventional-changelog-dash was found to contain malicious code. Source: ossf-package-analysis...

5.7AI score
Exploits0
Amazon
Amazon
added 2026/04/14 12:0 a.m.13 views

Important: python

Issue Overview: The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other...

7CVSS6AI score0.00308EPSS
Exploits0
Amazon
Amazon
added 2026/04/14 12:0 a.m.9 views

Important: python3

Issue Overview: The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other...

7CVSS6AI score0.00308EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.6 views

Amazon Linux 2 : python, --advisory ALAS2-2026-3227 (ALAS-2026-3227)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3227 advisory. The tarfile module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.9 views

Amazon Linux 2 : python3, --advisory ALAS2-2026-3228 (ALAS-2026-3228)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3228 advisory. The tarfile module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-bloc...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References8
FreeBSD
FreeBSD
added 2026/04/13 12:0 a.m.11 views

dash -- arith: INTMAX_MIN / -1 overflow

https://git.kernel.org/pub/scm/utils/dash/dash.git/commit/?id=0034bfe185d3d875cebace8cb3ca5c9dabf9e0f3 reports: Division and remainder currently guard against division by zero, but not against the signed overflow case INTMAXMIN / -1. On affected systems this can trigger SIGFPE during arithmetic...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/04/08 1:20 p.m.9 views

CLSA-2026-1775654402 python3.9: Fix of CVE-2026-4519

CVE-2026-4519: fix webbrowser.open leading dash injection...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/08 12:14 a.m.7 views

@openinc/parse-server-opendash (>=4.0.0 <=4.0.11) potentially affected by CVE-2026-39381 via parse-server (>=9.6.0-alpha.37 <=9.7.0)

parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.11 Source cves: CVE-2026-39381 Source advisory: OSV:GHSA-G4V2-QX3Q-4P64...

5.3CVSS5.8AI score0.00193EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/08 12:7 a.m.8 views

@openinc/parse-server-opendash (>=4.0.0 <=4.0.11) potentially affected by CVE-2026-39321 via parse-server (>=9.6.0-alpha.37 <=9.7.0)

parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.11 Source cves: CVE-2026-39321 Source advisory: OSV:GHSA-MMPQ-5HCV-HF2V...

6.3CVSS5.8AI score0.0023EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2026/04/07 2:19 p.m.3 views

Security update for python

This update for python fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. CVE-2026-3644: incomplete control character validation in http.cookies can lead to input...

8.2CVSS6.1AI score0.00621EPSS
Exploits0References16
vulnersOsv
vulnersOsv
added 2026/04/04 4:22 a.m.8 views

@openinc/parse-server-opendash (>=4.0.0 <=4.0.11) potentially affected by CVE-2026-35200 via parse-server (>=9.6.0-alpha.37 <=9.7.0)

parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.11 Source cves: CVE-2026-35200 Source advisory: OSV:GHSA-VR5F-2R24-W5HC...

5.4CVSS5.8AI score0.00162EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/04 4:22 a.m.5 views

@openinc/parse-server-opendash (>=4.0.0 <=4.0.11) potentially affected by CVE-2026-35200 via parse-server (>=9.6.0-alpha.37 <=9.7.0)

parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.11 Source cves: CVE-2026-35200 Source advisory: SNYK:JS-PARSESERVER-15906332...

5.4CVSS5.8AI score0.00162EPSS
Exploits0
Rows per page
Query Builder