Lucene search
K

709 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32274

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. Th...

8.7CVSS7.3AI score0.00572EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/12 11:13 p.m.4 views

CVE-2026-32274

A user input sanitization flaw has been discovered in the Black python code formatter. Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker...

8.7CVSS5.7AI score0.00572EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/03/12 8:16 p.m.8 views

CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

8.7CVSS6AI score0.00572EPSS
Exploits0References3
OSV
OSV
added 2026/03/12 8:16 p.m.4 views

UBUNTU-CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

8.7CVSS5.9AI score0.00572EPSS
Exploits0References4
OSV
OSV
added 2026/03/12 7:47 p.m.6 views

CVE-2026-32274 Black: Arbitrary file writes from unsanitized user input in cache file name

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

8.7CVSS5.9AI score0.00572EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/03/12 7:47 p.m.8 views

CVE-2026-32274 Black: Arbitrary file writes from unsanitized user input in cache file name

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

8.7CVSS5.9AI score0.00572EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/12 7:47 p.m.4 views

CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

8.7CVSS5.9AI score0.00572EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.14 views

Black 路径遍历漏洞

Black is a Python code formatting tool open-sourced by the Python Software Foundation. Versions of Black prior to 26.3.1 had a path traversal vulnerability. This vulnerability stemmed from the value of the “python-cell-magics” option, which did not clean up cache file names. As a result, it was...

8.7CVSS7.3AI score0.00572EPSS
Exploits0References5
NVD
NVD
added 2026/03/11 8:16 p.m.8 views

CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

9.8CVSS0.0046EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/11 8:16 p.m.4 views

CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

9.8CVSS6.3AI score0.0046EPSS
Exploits0References1
OSV
OSV
added 2026/03/11 8:16 p.m.3 views

UBUNTU-CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

9.8CVSS6.4AI score0.0046EPSS
Exploits0References2
CVE
CVE
added 2026/03/11 7:15 p.m.35 views

CVE-2026-31900

CVE-2026-31900 concerns the Black Python code formatter used in a GitHub Action. The vulnerability arises when the action reads the Black version from a repository’s pyproject.toml (use_pyproject: true). A malicious pull request could alter pyproject.toml to reference a direct URL to a malicious ...

9.8CVSS6.3AI score0.0046EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/11 7:15 p.m.1 views

CVE-2026-31900 Black's vulnerable version parsing leads to RCE in GitHub Action

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

8.7CVSS6.3AI score0.0046EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/11 7:15 p.m.33 views

CVE-2026-31900 Black's vulnerable version parsing leads to RCE in GitHub Action

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

8.7CVSS0.0046EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.10 views

Black 输入验证错误漏洞

Black is a Python code formatter developed by the Python Software Foundation. Versions of Black prior to 26.3.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from the ability for malicious pull requests to configure the use of malicious repository URLs,...

9.8CVSS6.1AI score0.0046EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.6 views

PT-2026-24654

Name of the Vulnerable Software and Affected Versions Black versions prior to 26.3.0 Description Black is a Python code formatter that provides a GitHub action for code formatting. The action supports an option, use pyproject: true, to read the Black version from the repository's pyproject.toml...

9.8CVSS6.4AI score0.00572EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.5 views

Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2026-1449)

"It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1449 advisory. AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in...

9.1CVSS7.2AI score0.00542EPSS
Exploits0References4
CVE
CVE
added 2026/03/05 2:15 p.m.26 views

CVE-2026-27749

CVE-2026-27749 affects Avira Internet Security, specifically the System Speedup component. The vulnerability arises from deserialization of untrusted data by the privileged process Avira.SystemSpeedup.RealTimeOptimizer.exe (running as SYSTEM) which reads a file under C:\ProgramData and deserializ...

8.5CVSS6.5AI score0.00323EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/05 2:15 p.m.4 views

CVE-2026-27749

Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\ProgramData using .NET BinaryFormatter without...

8.5CVSS6.5AI score0.00323EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/02 12:0 a.m.7 views

Fedora 43 : 389-ds-base / python3-docs / python3.14 (2026-27ce708600)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-27ce708600 advisory. - New minor version of the Python interpreter, bringing also security fixes. - 389-ds-base: Fix system index configuration issues - 389-ds-base: Fix...

6CVSS6AI score0.0056EPSS
Exploits0References6
Rows per page
Query Builder