Lucene search
K

185 matches found

SUSE Linux
SUSE Linux
added 2026/02/26 3:16 p.m.6 views

Security update for python3

This update for python3 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

8.7CVSS5.5AI score0.0055EPSS
Exploits0References24
OSV
OSV
added 2026/02/26 3:15 p.m.8 views

SUSE-SU-2026:0664-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

6CVSS5.9AI score0.0055EPSS
Exploits0References13
OSV
OSV
added 2026/02/25 4:29 p.m.12 views

SUSE-SU-2026:0645-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

6CVSS5.6AI score0.0055EPSS
Exploits0References13
SUSE Linux
SUSE Linux
added 2026/02/25 4:27 p.m.5 views

Security update for python39

This update for python39 fixes the following issues: CVE-2025-11468: Fixed a header injection when folding a long comment in an email header containing exclusively unfoldable characters. bsc1257029 CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters when...

8.7CVSS5.5AI score0.0055EPSS
Exploits0References24
OSV
OSV
added 2026/02/24 3:14 p.m.5 views

SUSE-SU-2026:0613-1 Security update for python310

This update for python310 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

6CVSS5.6AI score0.0055EPSS
Exploits0References13
OSV
OSV
added 2026/02/24 3:14 p.m.3 views

SUSE-SU-2026:0612-1 Security update for python36

This update for python36 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

6CVSS5.6AI score0.0055EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/02/22 12:0 a.m.6 views

openSUSE 16 Security Update : python313 (openSUSE-SU-2026:20254-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20254-1 advisory. Update to version 3.13.12. Security issues fixed: - CVE-2025-11468: header injection when folding a long comment in an email header containing...

6CVSS7.4AI score0.0056EPSS
Exploits0References15
OSV
OSV
added 2026/02/19 9:42 a.m.6 views

CLSA-2026-1771494125 nodejs: Fix of CVE-2024-22020

CVE-2024-22020: lib,esm: handle bypass network-import via data...

6.5CVSS6.8AI score0.01104EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.8 views

Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2026-1444)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1444 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...

6CVSS7.1AI score0.0056EPSS
Exploits0References12
Amazon
Amazon
added 2026/02/18 12:0 a.m.10 views

Medium: python3.12

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

6CVSS5.6AI score0.0056EPSS
Exploits0
Amazon
Amazon
added 2026/02/18 12:0 a.m.7 views

Medium: python3.13

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

6CVSS5.6AI score0.0056EPSS
Exploits0
OSV
OSV
added 2026/01/31 8:43 a.m.6 views

BIT-JOOMLA-2025-63082 Joomla! Core - [20260101] - Inadequate content filtering for data URLs

Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...

8.4CVSS5.9AI score0.00175EPSS
Exploits0References2
OSV
OSV
added 2026/01/26 2:43 p.m.4 views

BIT-LIBPYTHON-2025-15282 Header injection via newlines in data URL mediatype

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

6CVSS5.9AI score0.0048EPSS
Exploits0References10
EUVD
EUVD
added 2026/01/21 12:31 a.m.2 views

EUVD-2025-206305

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

6CVSS5.4AI score0.0048EPSS
Exploits0References5
CVE
CVE
added 2026/01/20 9:35 p.m.25 views

CVE-2025-15282

CVE-2025-15282 concerns Python’s urllib.request DataHandler, where user-controlled data URLs can inject HTTP headers due to improper parsing of data URL mediatypes. Connected sources show fixes in CPython commits addressing this header-injection surface in the urllib module, indicating the underl...

6CVSS5.4AI score0.0048EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.7 views

CPython security vulnerabilities

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has security vulnerabilities, which stem from allowing header injection via line breaks when parsing data URLs that are controlled by users...

6CVSS5.8AI score0.0048EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 9 : nodejs-nodemon-2.0.19-1.el9, nodejs-16.16.0-1.el9 (AXSA:2022-4073:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4073:01 advisory. nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 nodejs-glob-parent: Regular expression denial of service CVE-2020-28469...

9.8CVSS7.4AI score0.77766EPSS
Exploits6References11
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.5 views

PT-2026-3662

Name of the Vulnerable Software and Affected Versions Versions prior to 2025-15282 Description User-controlled data URLs parsed by urllib.request.DataHandler can allow injection of headers through newlines in the data URL mediatype. The issue involves the parsing of data URLs, potentially leading...

9.1CVSS5.8AI score0.01525EPSS
Exploits2References168
RedhatCVE
RedhatCVE
added 2026/01/08 3:14 a.m.2 views

CVE-2025-63082

Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...

8.4CVSS6.4AI score0.00175EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/08 12:0 a.m.5 views

Joomla! 6.x < 6.0.2 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.9.x prior to 5.4.2, or 6.x prior to 6.0.2. It is, therefore, affected by multiple vulnerabilities. - Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in...

8.4CVSS6.8AI score0.00175EPSS
Exploits0References5
Rows per page
Query Builder