7 matches found

Tenable Nessus
added 2025/12/22 12:0 a.m., 4 views

Debian dla-4418 : python3-mechanize - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4418 advisory. Debian LTS Advisory DLA-4418-1 [email protected] https://www.debian.org/lts/security/...

CVSS 7.5, AI score 7.2, EPSS 0.28661
Exploits: 1, References: 4
OPENSUSE Linux
added 2023/01/23 12:0 a.m., 3 views

Security update for python-mechanize (moderate)

openSUSE Security Update: Security update for python-mechanize
Announcement ID: openSUSE-SU-2023:0030-1
Rating: moderate
References: 1202003 1207242
Cross-References: CVE-2021-32837
Affected Products: openSUSE Backports SLE-15-SP4

An update that solves one vulnerability and has one errata is now...

CVSS 7.5, AI score 7.7, EPSS 0.28661
Exploits: 1, References: 2
Vulnrichment
added 2023/01/17 12:0 a.m., 5 views

CVE-2021-32837 mechanize vulnerable to ReDoS

mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for t...

CVSS 7.5, AI score 7.6, EPSS 0.28661
Exploits: 1, References: 5
Veracode
added 2022/06/10 5:21 a.m., 31 views

Information Disclosure Via Header Leak

mechanize is vulnerable to information disclosure. Remote unauthenticated attackers are able to gain access to the authorization header by redirecting a victim to a different port on the same site...

CVSS 7.5, AI score 7.4, EPSS 0.01359
Exploits: 0, References: 7, Affected Software: 2
Snyk
added 2022/06/09 11:47 p.m., 1 views

Insufficiently Protected Credentials

Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials which leaks the Authorization header after a redirect to a different port on the same site. Remediation: Upgrade mechanize to version 2.8.5 or higher. References: GitHub Commit, GitHub PR...

CVSS 7.5, AI score 6.9, EPSS 0.01359
Exploits: 0, References: 2
Positive Technologies
added 2022/04/05 12:0 a.m., 1 views

PT-2023-12176

Name of the Vulnerable Software and Affected Versions: mechanize versions prior to 0.4.6. Description: The mechanize library, used for automatically interacting with HTTP web servers, contains a regular expression vulnerable to regular expression denial of service (ReDoS). If a web server responds...

CVSS 8.7, AI score 7.8, EPSS 0.28661
Exploits: 1, References: 40
OSV
added 2021/03/12 1:25 a.m., 2 views

MGASA-2021-0124 Updated ruby-mechanize packages fix a security vulnerability

In Mechanize, from v2.0.0 until v2.7.7, there is a command injection vulnerability. Affected versions of Mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel.open method (CVE-2021-21289)...

CVSS 8.3, AI score 8.4, EPSS 0.03507
Exploits: 0, References: 3