Lucene search
+L

243 matches found

redhat
redhat
added 2026/06/30 11:20 p.m.2 views

python: Python: Cross-Site Scripting (XSS) vulnerability in http.cookies module

A flaw was found in Python's http.cookies module. The Morsel.jsoutput function, responsible for generating JavaScript output for cookies, does not properly neutralize the HTML sequence. This oversight could allow a remote attacker to inject malicious script into a web page, potentially leading to...

6.1CVSS6.4AI score0.00229EPSS
Exploits1References8
redhat
redhat
added 2026/06/29 12:13 p.m.2 views

python: Python: Cross-Site Scripting (XSS) vulnerability in http.cookies module

A flaw was found in Python's http.cookies module. The Morsel.jsoutput function, responsible for generating JavaScript output for cookies, does not properly neutralize the HTML sequence. This oversight could allow a remote attacker to inject malicious script into a web page, potentially leading to...

6.1CVSS6.4AI score0.00229EPSS
Exploits1References8
redhat
redhat
added 2026/06/29 10:39 a.m.3 views

python: Python: Cross-Site Scripting (XSS) vulnerability in http.cookies module

A flaw was found in Python's http.cookies module. The Morsel.jsoutput function, responsible for generating JavaScript output for cookies, does not properly neutralize the HTML sequence. This oversight could allow a remote attacker to inject malicious script into a web page, potentially leading to...

6.1CVSS6.4AI score0.00229EPSS
Exploits1References8
osv
osv
added 2026/06/27 6:4 a.m.7 views

RLSA-2026:28581 Important: python3.14 security, bug fix, and enhancement update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.1CVSS7.5AI score0.0029EPSS
Exploits1References3
redhat
redhat
added 2026/06/24 5:8 a.m.12 views

Important: Red Hat Security Advisory: python3.14 security, bug fix, and enhancement update

An update for python3.14 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

7.1CVSS6.4AI score0.0029EPSS
Exploits1References3
redhat
redhat
added 2026/06/23 11:39 p.m.10 views

python: Python: Cross-Site Scripting (XSS) vulnerability in http.cookies module

A flaw was found in Python's http.cookies module. The Morsel.jsoutput function, responsible for generating JavaScript output for cookies, does not properly neutralize the HTML sequence. This oversight could allow a remote attacker to inject malicious script into a web page, potentially leading to...

6.1CVSS6.4AI score0.00229EPSS
Exploits1References8
osv
osv
added 2026/06/23 12:0 a.m.6 views

ALSA-2026:28581 Important: python3.14 security, bug fix, and enhancement update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.1CVSS6.3AI score0.0029EPSS
Exploits1References6
osv
osv
added 2026/06/23 12:0 a.m.5 views

ALSA-2026:28247 Important: python3.14 security, bug fix, and enhancement update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.1CVSS6.3AI score0.0029EPSS
Exploits1References6
nessus
nessus
added 2026/06/03 12:0 a.m.10 views

RockyLinux 10 : python3.12 (RLSA-2026:19064)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19064 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

9.1CVSS7.2AI score0.01279EPSS
Exploits1References25
osv
osv
added 2026/05/30 6:3 p.m.33 views

RLSA-2026:19176 Important: python3.14 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.1CVSS7.5AI score0.00621EPSS
Exploits0References10
rocky
rocky
added 2026/05/29 4:3 p.m.25 views

python3.14 security update

An update is available for python3.14. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

9.1CVSS6.4AI score0.00621EPSS
Exploits0
rocky
rocky
added 2026/05/28 3:43 p.m.23 views

python3.12 security update

An update is available for python3.12. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...

9.1CVSS7.7AI score0.01279EPSS
Exploits1
ptsecurity
ptsecurity
added 2026/05/21 12:0 a.m.17 views

PT-2026-42621

Summary The refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it to cross-site POSTs, enabling CSRF against the token-refresh endpoint...

5.4CVSS5.7AI score
Exploits0References3
redhat
redhat
added 2026/05/19 6:30 p.m.14 views

cpython: Incomplete control character validation in http.cookies

A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

7.5CVSS7.2AI score0.00419EPSS
Exploits0References8
redhat
redhat
added 2026/05/19 6:28 p.m.21 views

cpython: Incomplete control character validation in http.cookies

A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

7.5CVSS7.2AI score0.00419EPSS
Exploits0References8
redhat
redhat
added 2026/05/19 6:28 p.m.23 views

cpython: Header injection in http.cookies.Morsel in Python

An injection flaw has been discovered in Python. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

6CVSS7.2AI score0.00401EPSS
Exploits0References6
osv
osv
added 2026/05/19 5:57 p.m.15 views

CLSA-2026-1779213441 python3.11: Fix of 11 CVEs

CVE-2026-4224: avoid unbound C recursion in convcontentmodel in pyexpat - CVE-2026-3644: reject control characters in http.cookies.Morsel.update - CVE-2026-0672: reject control characters in http.cookies.Morsel - CVE-2025-8291: check consistency of zip64 end of central directory record -...

7.5CVSS6.8AI score0.00744EPSS
Exploits0References1
redhat
redhat
added 2026/05/19 1:35 p.m.24 views

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.1CVSS7.1AI score0.01279EPSS
Exploits1References13
redhat
redhat
added 2026/05/19 1:33 p.m.19 views

cpython: Incomplete control character validation in http.cookies

A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

7.5CVSS7.2AI score0.00419EPSS
Exploits0References8
osv
osv
added 2026/05/19 12:0 a.m.15 views

ALSA-2026:19177 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.1CVSS7.4AI score0.01279EPSS
Exploits1References26
Rows per page
Query Builder