Lucene search
K

341 matches found

SUSE Linux
SUSE Linux
added 2026/02/24 3:14 p.m.4 views

Security update for python310

This update for python310 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

8.7CVSS5.5AI score0.0055EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.13 views

Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1437)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1437 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...

6CVSS7.1AI score0.0056EPSS
Exploits0References12
OSV
OSV
added 2026/01/26 2:49 p.m.14 views

BIT-PYTHON-2025-15282 Header injection via newlines in data URL mediatype

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

6CVSS5.9AI score0.0048EPSS
Exploits0References10
OSV
OSV
added 2026/01/26 2:43 p.m.5 views

BIT-LIBPYTHON-2025-15282 Header injection via newlines in data URL mediatype

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

6CVSS5.9AI score0.0048EPSS
Exploits0References10
CVE
CVE
added 2026/01/20 9:35 p.m.26 views

CVE-2025-15282

CVE-2025-15282 concerns Python’s urllib.request DataHandler, where user-controlled data URLs can inject HTTP headers due to improper parsing of data URL mediatypes. Connected sources show fixes in CPython commits addressing this header-injection surface in the urllib module, indicating the underl...

6CVSS5.4AI score0.0048EPSS
Exploits0References9
Snyk
Snyk
added 2026/01/20 9:35 p.m.5 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the urllib.request.DataHandler. An attacker can manipulate HTTP headers by injecting newline characters in the mediatype portion of a data URL, to alter request behavior or bypass security controls. Remediation A fix...

6.5CVSS6AI score0.0048EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : nodejs:18 (AXSA:2024-8777:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8777:01 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restrictio...

6.5CVSS6.6AI score0.01104EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 8 : nodejs:14 (AXSA:2022-3040:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3040:01 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788...

9.8CVSS7.3AI score0.04456EPSS
Exploits6References10
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : nodejs:20 (AXSA:2024-8725:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8725:01 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restrictio...

6.5CVSS6.6AI score0.01104EPSS
Exploits1References5
Snyk
Snyk
added 2025/12/26 6:30 a.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS when handling URLs in links, where schemes such as javascript, vbscript and data can be used. An attacker can execute arbitrary scripts in the context of the user's browser by enticing a user to click on a craft...

5.4CVSS5.4AI score0.00222EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/03 5:0 p.m.3 views

CVE-2025-20382 URL validation bypass through Views Dashboard in Splunk Enterprise

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.10, 10.0.2503.8, and 9.3.2411.120, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a views dashboard with a custom background using th...

3.5CVSS6.3AI score0.00198EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.3 views

Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.2 (SVD-2025-1201)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1201 advisory. - In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.10,...

5.4CVSS6AI score0.00198EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/20 9:37 p.m.12 views

CVE-2025-65019

Astro is a web framework. Prior to version 5.15.9, when using Astro's Cloudflare adapter @astrojs/cloudflare with output: 'server', the image optimization endpoint /image contains a critical vulnerability in the isRemoteAllowed function that unconditionally allows data: protocol URLs. This enable...

6.1CVSS6.1AI score0.00223EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.12 views

TencentOS Server 4: thunderbird (TSSA-2024:1046)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1046 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.8CVSS7.7AI score0.00809EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.13 views

TencentOS Server 3: nodejs:20 (TSSA-2024:0765)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0765 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

6.5CVSS6.8AI score0.01104EPSS
Exploits1References5
Snyk
Snyk
added 2025/11/19 8:9 p.m.5 views

Cross-site Scripting (XSS)

Overview @astrojs/internal-helpers is an Internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the isRemoteAllowed function. An attacker can execute arbitrary JavaScript in the victim's browser by submitting a crafted SVG...

6.1CVSS5.4AI score0.00223EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/11/19 8:9 p.m.73 views

Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint

Summary A Cross-Site Scripting XSS vulnerability exists in Astro when using the @astrojs/cloudflare adapter with output: 'server'. The built-in image optimization endpoint /image uses isRemoteAllowed from Astro’s internal helpers, which unconditionally allows data: URLs. When the endpoint receive...

6.1CVSS6.3AI score0.00223EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/11/19 4:40 p.m.6 views

CVE-2025-65019 Astro Cloudflare adapter has a Stored Cross Site Scripting vulnerability in /_image endpoint

Astro is a web framework. Prior to version 5.15.9, when using Astro's Cloudflare adapter @astrojs/cloudflare with output: 'server', the image optimization endpoint /image contains a critical vulnerability in the isRemoteAllowed function that unconditionally allows data: protocol URLs. This enable...

5.4CVSS6AI score0.00223EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/11/19 4:40 p.m.3 views

CVE-2025-65019 Astro Cloudflare adapter has a Stored Cross Site Scripting vulnerability in /_image endpoint

Astro is a web framework. Prior to version 5.15.9, when using Astro's Cloudflare adapter @astrojs/cloudflare with output: 'server', the image optimization endpoint /image contains a critical vulnerability in the isRemoteAllowed function that unconditionally allows data: protocol URLs. This enable...

5.4CVSS5.7AI score0.00223EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.10 views

PT-2025-47490

Name of the Vulnerable Software and Affected Versions Astro versions prior to 5.15.9 Description Astro, a web framework, has an issue when using the Cloudflare adapter @astrojs/cloudflare with output set to 'server'. The image optimization endpoint '/ image' includes a flaw in the isRemoteAllowed...

6.1CVSS5.7AI score0.00223EPSS
Exploits1References9
Rows per page
Query Builder