Lucene search
K

141 matches found

RedHat Linux
RedHat Linux
added 2026/05/19 7:1 p.m.8 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS7AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/19 6:30 p.m.9 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS7AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/19 6:24 p.m.11 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS7AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/19 1:35 p.m.10 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS7AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/19 1:33 p.m.9 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS7AI score0.00308EPSS
Exploits0References7
CVE
CVE
added 2026/05/13 3:27 p.m.27 views

CVE-2026-44664

The CVE concerns fast-xml-builder, which converts JSON to XML. In version 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitized -- sequences in XML comments via .replace(/--/g, '- -'), allowing an attacker to break out of a comment and inject arbitrary XML/HTML. The issue is addressed in...

6.1CVSS5.9AI score0.00238EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/08 4:27 p.m.31 views

fast-xml-builder Comment Value regex can be bypassed

Summary The fix for https://github.com/advisories/GHSA-gh4j-gqv2-49f6 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and inject...

6.1CVSS6AI score0.00194EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/08 4:27 p.m.14 views

GHSA-45C6-75P6-83CC fast-xml-builder Comment Value regex can be bypassed

Summary The fix for https://github.com/advisories/GHSA-gh4j-gqv2-49f6 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and inject...

6.1CVSS6AI score0.00194EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-39286

Name of the Vulnerable Software and Affected Versions fast-xml-builder version 1.1.5 Description An issue exists where the sanitization of -- sequences in XML comment content is insufficient. The use of .replace/--/g, '- -' fails to handle values containing three consecutive dashes e.g., ---...,...

6.1CVSS5.9AI score0.00194EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.9 views

TencentOS Server 2: python3 (TSSA-2026:0282)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0282 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

7.1CVSS5.9AI score0.00308EPSS
Exploits0References2
OSV
OSV
added 2026/05/06 5:31 p.m.8 views

CLSA-2026-1778002331 python3: Fix of CVE-2026-4519

CVE-2026-4519: reject leading dashes in webbrowser URLs to prevent CLI option injection in pydoc/subprocess...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 11:36 p.m.15 views

CLSA-2026-1778000974 python3: Fix of CVE-2026-4519

CVE-2026-4519: reject leading dashes in webbrowser URLs to prevent CLI option injection in pydoc/subprocess...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 11:32 p.m.7 views

CLSA-2026-1778015238 python: Fix of CVE-2026-4519

CVE-2026-4519: reject leading dashes in webbrowser URLs that could be treated as command-line options by external browsers; also close a %action-substitution bypass of the check in UnixBrowser.open...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 5:35 p.m.10 views

CLSA-2026-1778002076 python3: Fix of CVE-2026-4519

CVE-2026-4519: reject leading dashes in webbrowser URLs to prevent CLI option injection in pydoc/subprocess...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 2:7 a.m.10 views

CLSA-2026-1777946871 python: Fix of CVE-2026-4519

CVE-2026-4519: reject leading dashes in webbrowser URLs that could be treated as command-line options by external browsers; also close a %action-substitution bypass of the check in UnixBrowser.open...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 2:5 a.m.6 views

CLSA-2026-1777946712 python: Fix of CVE-2026-4519

CVE-2026-4519: reject leading dashes in webbrowser URLs that could be treated as command-line options by external browsers; also close a %action-substitution bypass of the check in UnixBrowser.open...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 1:20 a.m.7 views

CLSA-2026-1777944042 Fix CVE(s): CVE-2025-8194, CVE-2026-4519, CVE-2026-4786

SECURITY UPDATE: tarfile DoS via negative member offsets - debian/patches/CVE-2025-8194.patch: validate that member offsets are non-negative in Lib/tarfile.py. - CVE-2025-8194 SECURITY UPDATE: webbrowser.open accepts URLs with leading dashes - debian/patches/CVE-2026-4519-CVE-2026-4786.patch:...

7.5CVSS6.8AI score0.00611EPSS
Exploits0References1
OSV
OSV
added 2026/04/30 11:27 a.m.9 views

CLSA-2026-1777548458 Fix CVE(s): CVE-2026-4519, CVE-2026-4786

SECURITY UPDATE: webbrowser.open accepts URLs with leading dashes - debian/patches/CVE-2026-4519-CVE-2026-4786.patch: reject URLs whose lstrip starts with '-' in Lib/webbrowser.py; also fix bypass via %action substitution in UnixBrowser.open. - CVE-2026-4519 - CVE-2026-4786...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
OSV
OSV
added 2026/04/29 9:47 a.m.10 views

CLSA-2026-1777456062 python3: Fix of CVE-2026-4519

CVE-2026-4519: reject leading dashes in webbrowser URLs...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.9 views

TencentOS Server 3: python3 (TSSA-2026:0258)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0258 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.1CVSS5.4AI score0.00308EPSS
Exploits0References2
Rows per page
Query Builder