185 matches found
Security update for python3
This update for python3 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...
SUSE-SU-2026:0664-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...
SUSE-SU-2026:0645-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...
Security update for python39
This update for python39 fixes the following issues: CVE-2025-11468: Fixed a header injection when folding a long comment in an email header containing exclusively unfoldable characters. bsc1257029 CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters when...
SUSE-SU-2026:0613-1 Security update for python310
This update for python310 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...
SUSE-SU-2026:0612-1 Security update for python36
This update for python36 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...
openSUSE 16 Security Update : python313 (openSUSE-SU-2026:20254-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20254-1 advisory. Update to version 3.13.12. Security issues fixed: - CVE-2025-11468: header injection when folding a long comment in an email header containing...
CLSA-2026-1771494125 nodejs: Fix of CVE-2024-22020
CVE-2024-22020: lib,esm: handle bypass network-import via data...
Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2026-1444)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1444 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...
Medium: python3.12
Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...
Medium: python3.13
Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...
BIT-JOOMLA-2025-63082 Joomla! Core - [20260101] - Inadequate content filtering for data URLs
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...
BIT-LIBPYTHON-2025-15282 Header injection via newlines in data URL mediatype
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...
EUVD-2025-206305
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...
CVE-2025-15282
CVE-2025-15282 concerns Python’s urllib.request DataHandler, where user-controlled data URLs can inject HTTP headers due to improper parsing of data URL mediatypes. Connected sources show fixes in CPython commits addressing this header-injection surface in the urllib module, indicating the underl...
CPython security vulnerabilities
CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has security vulnerabilities, which stem from allowing header injection via line breaks when parsing data URLs that are controlled by users...
MiracleLinux 9 : nodejs-nodemon-2.0.19-1.el9, nodejs-16.16.0-1.el9 (AXSA:2022-4073:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4073:01 advisory. nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 nodejs-glob-parent: Regular expression denial of service CVE-2020-28469...
PT-2026-3662
Name of the Vulnerable Software and Affected Versions Versions prior to 2025-15282 Description User-controlled data URLs parsed by urllib.request.DataHandler can allow injection of headers through newlines in the data URL mediatype. The issue involves the parsing of data URLs, potentially leading...
CVE-2025-63082
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...
Joomla! 6.x < 6.0.2 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.9.x prior to 5.4.2, or 6.x prior to 6.0.2. It is, therefore, affected by multiple vulnerabilities. - Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in...