Lucene search
K

338 matches found

Vulnrichment
Vulnrichment
added 2026/03/12 5:20 p.m.2 views

CVE-2026-31873 Unhead has a Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity

Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe safe.ts uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...

5.9AI score0.00237EPSS
Exploits1References1
Huntr
Huntr
added 2026/03/06 8:31 a.m.5 views

Unbounded Frame Count in video/jpeg Base64 Data URL Processing Leads to OOM DoS

Summary The VideoMediaIO.loadbase64 method in vLLM's multimodal processing pipeline splits video/jpeg data URLs by comma delimiters to extract individual JPEG frames, but does not enforce a frame count limit. An attacker can craft a single API request containing thousands of comma-separated...

7.5CVSS5.7AI score0.00543EPSS
Exploits1
Amazon
Amazon
added 2026/03/06 12:0 a.m.16 views

Medium: python3

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

6CVSS5.9AI score0.0056EPSS
Exploits0
Amazon
Amazon
added 2026/03/06 12:0 a.m.4 views

Medium: python

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

6CVSS5.9AI score0.0055EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/05 7:26 p.m.6 views

Gogs: Stored XSS via data URI in issue comments

Summary A Stored Cross-site Scripting XSS vulnerability exists in the comment and issue description functionality. The application's HTML sanitizer explicitly allows data: URI schemes, enabling authenticated users to inject arbitrary JavaScript execution via malicious links. Details The...

8.7CVSS6.3AI score0.00306EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/05 6:40 p.m.7 views

CVE-2026-26195

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data urls. This issue has been patched in version 0.14.2...

6.9CVSS5.8AI score0.00189EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.6 views

PT-2026-23484

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.2 Description Gogs, a self-hosted Git service, contains a stored cross-site scripting XSS issue in the comment and issue description functionality. The HTML sanitizer allows data: URI schemes, enabling authenticated...

9.9CVSS5.9AI score0.22162EPSS
Exploits69References140
Amazon
Amazon
added 2026/03/05 12:0 a.m.6 views

Medium: python3.11

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

6CVSS5.9AI score0.0056EPSS
Exploits0
Snyk
Snyk
added 2026/03/04 7:2 p.m.4 views

Symlink Attack

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Symlink Attack via the resolveIdentityAvatarUrl function. An attacker can access arbitrary files outside the intended workspace by supplying a crafted local avatar path that follows a...

6.9CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/03/04 7:2 p.m.5 views

GHSA-9MPH-4F7V-FMVH OpenClaw has agent avatar symlink traversal in gateway session metadata

Summary A crafted local avatar path could follow a symlink outside the agent workspace and return arbitrary file contents as a base64 data: URL in gateway responses. Impact - Confidentiality impact: local file read in the gateway process context. - Exfiltration path: agents.list can return the...

6.9CVSS6AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.6 views

SUSE SLES15 / openSUSE 15 Security Update : python312 (SUSE-SU-2026:0644-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0644-1 advisory. - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable...

6CVSS7.2AI score0.0055EPSS
Exploits0References19
OSV
OSV
added 2026/02/28 12:45 p.m.5 views

OESA-2026-1459 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

6CVSS5.9AI score0.0055EPSS
Exploits0References3
OSV
OSV
added 2026/02/28 12:45 p.m.6 views

OESA-2026-1458 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

6CVSS5.9AI score0.0055EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/28 12:0 a.m.9 views

SUSE SLES15: libpython3_10-1_0 / libpython3_10-1_0-32bit / python310 / etc (SUSE-SU-2026:0613-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0613-1 advisory. - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable...

6CVSS7.2AI score0.0055EPSS
Exploits0References19
SUSE Linux
SUSE Linux
added 2026/02/25 4:28 p.m.4 views

Security update for python312

This update for python312 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

8.7CVSS5.5AI score0.0055EPSS
Exploits0References24
OSV
OSV
added 2026/02/25 4:27 p.m.3 views

SUSE-SU-2026:0643-1 Security update for python39

This update for python39 fixes the following issues: - CVE-2025-11468: Fixed a header injection when folding a long comment in an email header containing exclusively unfoldable characters. bsc1257029 - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters...

6CVSS5.6AI score0.0055EPSS
Exploits0References13
SUSE Linux
SUSE Linux
added 2026/02/24 3:14 p.m.4 views

Security update for python310

This update for python310 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

8.7CVSS5.5AI score0.0055EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.13 views

Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1437)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1437 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...

6CVSS7.1AI score0.0056EPSS
Exploits0References12
OSV
OSV
added 2026/01/26 2:49 p.m.13 views

BIT-PYTHON-2025-15282 Header injection via newlines in data URL mediatype

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

6CVSS5.9AI score0.0048EPSS
Exploits0References10
OSV
OSV
added 2026/01/26 2:43 p.m.4 views

BIT-LIBPYTHON-2025-15282 Header injection via newlines in data URL mediatype

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

6CVSS5.9AI score0.0048EPSS
Exploits0References10
Rows per page
Query Builder