Lucene search
K

955 matches found

CVE
CVE
added 2026/05/08 12:0 a.m.19 views

CVE-2026-38361

CVE-2026-38361 affects fohrloop/dash-uploader (versions 0.1.0–0.7.0a2). The flaw resides in dash_uploader/httprequesthandler.py and related components where attacker-controlled resumableTotalChunks and related parameters enable unbounded memory allocation (OOM) and a file-truncation path, leading...

7.5CVSS5.5AI score0.02643EPSS
Exploits5References11Affected Software1
GithubExploit
GithubExploit
added 2026/05/07 8:32 p.m.101 views

Exploit for CVE-2026-38361

CVE-2026-38361: Multiple Unauthenticated DoS Vulnerabilities i...

6.1AI score0.05982EPSS
Exploits5
GithubExploit
GithubExploit
added 2026/05/07 8:32 p.m.105 views

Exploit for CVE-2026-38360

CVE-2026-38360: Path Traversal in dash-uploader !CVEhttps...

6AI score0.05982EPSS
Exploits5
GithubExploit
GithubExploit
added 2026/05/07 2:59 p.m.94 views

Exploit for CVE-2026-38360

CVE-2026-38360: Directory Traversal in dash-uploader !CVE...

6AI score0.05982EPSS
Exploits5
OSV
OSV
added 2026/05/07 9:15 a.m.12 views

CLSA-2026-1778145319 python2: Fix of 3 CVEs

CVE-2025-8194: validate that tarfile member offsets are non-negative to prevent infinite loop / DoS during parsing of malicious tar archives - CVE-2026-4519: reject URLs with leading dashes in webbrowser.open to prevent injection of command-line options into spawned browser process -...

7.5CVSS5.8AI score0.00611EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 8:29 a.m.6 views

CLSA-2026-1778142589 python3: Fix of 2 CVEs

CVE-2026-4519: reject leading dashes in webbrowser URLs to block command-line option injection via webbrowser.open - CVE-2026-4786: validate the post-substitution URL in webbrowser UnixBrowser.open so that "%action" cannot smuggle a dash-prefixed flag past the CVE-2026-4519 dash-prefix check...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.13 views

TencentOS Server 2: python (TSSA-2026:0281)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0281 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

7.1CVSS5.9AI score0.00308EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/06 7:32 p.m.7 views

@c0va23/react-router-dev (=7.8.3-alpha.2), @holocron.so/cli (>=0.6.0 <=0.16.0) +15 more potentially affected by CVE-2026-23870 via @vitejs/plugin-rsc (>=0.4.11 <=0.5.24)

@vitejs/plugin-rsc NPM version =0.4.11, =0.6.0, =0.5.0, =0.0.1, =0.0.0-1ae0b37, =0.0.0-experimental-2a6c7bc, =0.0.0-pr-32412-sha-4e0feb24, =1.0.2, =0.1.0, =0.0.1, =1.18.0-rsc.19, =0.1.0, =0.0.1-alpha.0, =1.0.0, =1.0.1 and more Source cves: CVE-2026-23870 Source advisory:...

7.5CVSS7AI score0.01533EPSS
Exploits1
OSV
OSV
added 2026/05/06 5:16 p.m.18 views

CLSA-2026-1778087756 python3: Fix of 2 CVEs

CVE-2026-4519: reject leading dashes in webbrowser URLs to block command-line option injection via webbrowser.open - CVE-2026-4786: validate the post-substitution URL in webbrowser UnixBrowser.open so that "%action" cannot smuggle a dash-prefixed flag past the CVE-2026-4519 dash-prefix check...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/05/06 12:10 p.m.9 views

Security update for python3

This update for python3 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969...

9.1CVSS6.7AI score0.00621EPSS
Exploits1References40
vulnersOsv
vulnersOsv
added 2026/05/05 8:30 p.m.12 views

@openinc/parse-server-opendash (>=4.0.0 <=4.0.29) potentially affected by CVE-2026-43930 via parse-server (>=9.6.0-alpha.37 <=9.8.0)

parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.29 Source cves: CVE-2026-43930 Source advisory: SNYK:JS-PARSESERVER-16424355...

5.9CVSS5.8AI score0.00236EPSS
Exploits0
OSV
OSV
added 2026/05/05 4:31 p.m.13 views

CLSA-2026-1777998709 python2: Fix of 3 CVEs

CVE-2025-8194: validate that tarfile member offsets are non-negative to prevent infinite loop / DoS during parsing of malicious tar archives - CVE-2026-4519: reject URLs with leading dashes in webbrowser.open to prevent injection of command-line options into spawned browser process -...

7.5CVSS5.8AI score0.00611EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 1:25 a.m.6 views

CLSA-2026-1777944317 Fix CVE(s): CVE-2025-8194, CVE-2026-4519, CVE-2026-4786

SECURITY UPDATE: tarfile DoS via negative member offsets - debian/patches/CVE-2025-8194.patch: validate that member offsets are non-negative in Lib/tarfile.py. - CVE-2025-8194 SECURITY UPDATE: webbrowser.open accepts URLs with leading dashes - debian/patches/CVE-2026-4519-CVE-2026-4786.patch:...

7.5CVSS6.8AI score0.00611EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 8:29 a.m.7 views

CLSA-2026-1777883384 python3.11: Fix of CVE-2026-4786

CVE-2026-4786: fix webbrowser %action substitution bypass of dash-prefix check by validating url after %action expansion and reordering replace calls so the dash-prefix check sees the final argument...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2026/05/03 8:52 p.m.7 views

CVE-2026-31518 affecting package kernel for versions less than 6.6.134.1-2

CVE-2026-31518 affecting package kernel for versions less than 6.6.134.1-2. An upgraded version of the package is available that resolves this issue...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
CloudLinux
CloudLinux
added 2026/05/02 12:58 a.m.16 views

python: Fix of 2 CVEs

CVE-2026-4519: reject webbrowser.open URLs with a leading dash to prevent CLI option injection into the spawned browser process - CVE-2026-4786: validate URLs after %action substitution and swap the substitution order in UnixBrowser.open to close a bypass of the CVE-2026-4519 dash-prefix check...

7.1CVSS6.4AI score0.00308EPSS
Exploits0
OSV
OSV
added 2026/05/02 12:58 a.m.9 views

CLSA-2026-1777457441 python: Fix of 2 CVEs

CVE-2026-4519: reject webbrowser.open URLs with a leading dash to prevent CLI option injection into the spawned browser process - CVE-2026-4786: validate URLs after %action substitution and swap the substitution order in UnixBrowser.open to close a bypass of the CVE-2026-4519 dash-prefix check...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
OSV
OSV
added 2026/05/01 6:29 p.m.11 views

CLSA-2026-1777660095 python3.9: Fix of CVE-2026-4786

CVE-2026-4786: fix webbrowser %action substitution bypass of dash-prefix check...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References1
OSV
OSV
added 2026/04/30 11:30 a.m.6 views

CLSA-2026-1777548617 Fix CVE(s): CVE-2026-4519, CVE-2026-4786

SECURITY UPDATE: webbrowser.open accepts URLs with leading dashes - debian/patches/CVE-2026-4519-CVE-2026-4786.patch: reject URLs whose lstrip starts with '-' in Lib/webbrowser.py; also fix bypass via %action substitution in UnixBrowser.open. - CVE-2026-4519 - CVE-2026-4786...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
Fedora
Fedora
added 2026/04/25 1:55 a.m.10 views

[SECURITY] Fedora 44 Update: zeal-0.8.0-2.fc44

Zeal is a simple offline documentation browser inspired by Dash...

5.3AI score
Exploits0
Rows per page
Query Builder