
19537 matches found

ATTACKERKB
added 2026/04/13 9:52 p.m., 12 views

CVE-2026-4786

Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action", the mitigation could be bypassed for certain browser types, and the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVSS 7 | AI score 5.8 | EPSS 0.00308 | Exploits 0 | References 4
Vulnrichment
added 2026/04/13 9:52 p.m., 2 views

CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action", the mitigation could be bypassed for certain browser types, and the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVSS 7 | AI score 5.9 | EPSS 0.0029 | Exploits 0 | References 8
CVE
added 2026/04/13 9:52 p.m., 55 views

CVE-2026-4786

CVE-2026-4786 notes incomplete mitigation of CVE-2026-4519. The issue arises when a URL contains "%action" allowing bypass of mitigation for certain browser types in Python's webbrowser.open(), enabling potential commands injected into the underlying shell. Connected CVE-4519 details indicate the...

CVSS 7.1 | AI score 5.9 | EPSS 0.0029 | Exploits 0 | References 56
OSV
added 2026/04/13 9:52 p.m., 1 views

PSF-0000-CVE-2026-4786

Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action", the mitigation could be bypassed for certain browser types, and the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVSS 7.1 | AI score 5.8 | EPSS 0.0029 | Exploits 0 | References 3
Debian CVE
added 2026/04/13 9:52 p.m., 4 views

CVE-2026-4786

Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action", the mitigation could be bypassed for certain browser types, and the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVSS 7.1 | AI score 5.3 | EPSS 0.0029 | Exploits 0
Cvelist
added 2026/04/13 9:52 p.m., 36 views

CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action", the mitigation could be bypassed for certain browser types, and the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVSS 7 | EPSS 0.0029 | Exploits 0 | References 8
ATTACKERKB
added 2026/04/13 9:28 p.m., 6 views

CVE-2026-22563

A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier), UniFi Play Audio Port (Version 1.0.24 and earlier). Mitigation: Update UniFi Play...

CVSS 9.8 | AI score 5.8 | EPSS 0.01051 | Exploits 0 | References 2
CVE
added 2026/04/13 9:28 p.m., 14 views

CVE-2026-22564

CVE-2026-22564 describes an improper access control vulnerability in UniFi Play components. The affected products are UniFi Play PowerAmp (<= 1.0.35) and UniFi Play Audio Port (

CVSS 9.8 | AI score 5.8 | EPSS 0.0042 | Exploits 0 | References 1
CVE
added 2026/04/13 9:28 p.m., 17 views

CVE-2026-22565

CVE-2026-22565: A vulnerability described as an improper input validation issue could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding. Affected products are UniFi Play PowerAmp (versions ≤ 1.0.35) and UniFi Play Audio Port (versions ≤ 1.0.24). ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00432 | Exploits 0 | References 1
RedhatCVE
added 2026/04/13 9:14 p.m., 5 views

CVE-2026-32316

A flaw was found in jq, a command-line JSON processor. An attacker can exploit an integer overflow vulnerability by crafting queries that produce extremely large strings. This causes a 32-bit unsigned integer overflow in the buffer allocation size calculation, leading to a drastically undersized...

CVSS 8.2 | AI score 6.3 | EPSS 0.00484 | Exploits 1 | References 5
RedhatCVE
added 2026/04/13 9:5 p.m., 8 views

CVE-2026-6100

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

CVSS 9.1 | AI score 6 | EPSS 0.00579 | Exploits 0 | References 9
RedhatCVE
added 2026/04/13 7:57 p.m., 14 views

CVE-2026-1462

A flaw was found in the keras package. This vulnerability allows an attacker to execute unauthorized code on a victim's system. It occurs when a victim loads a specially crafted .keras model, even if the safemode security feature is active. The issue arises because the keras package can...

CVSS 8.8 | AI score 6 | EPSS 0.00328 | Exploits 0 | References 5
RedhatCVE
added 2026/04/13 5:23 p.m., 3 views

CVE-2026-40023

A flaw was found in Apache Log4cxx. An attacker who can influence logged data can exploit this by injecting characters forbidden by the XML 1.0 specification (a standard for encoding documents) into log messages, Network Device Configuration (NDC), and Mapped Diagnostic Context (MDC) property keys and...

CVSS 6.3 | AI score 5.7 | EPSS 0.00499 | Exploits 0 | References 8
RedhatCVE
added 2026/04/13 5:20 p.m., 5 views

CVE-2026-34479

A flaw was found in the Apache Log4j 1-to-Log4j 2 bridge. The Log4j1XmlLayout component fails to properly escape characters forbidden by the XML 1.0 standard. This improper handling of characters results in malformed XML output, which can cause downstream log processing systems to drop or fail to...

CVSS 7.5 | AI score 5.7 | EPSS 0.00535 | Exploits 1 | References 8
RedhatCVE
added 2026/04/13 5:20 p.m., 6 views

CVE-2026-34477

A flaw was found in Apache Log4j Core. A network-based attacker can perform a man-in-the-middle (MITM) attack, allowing them to intercept encrypted communications. This occurs when an SMTP, Socket, or Syslog appender uses Transport Layer Security (TLS) with a nested element, and the attacker has a...

CVSS 6.8 | AI score 5.7 | EPSS 0.00395 | Exploits 0 | References 8
RedhatCVE
added 2026/04/13 4:9 p.m., 7 views

CVE-2026-34480

A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...

CVSS 7.5 | AI score 5.7 | EPSS 0.0086 | Exploits 0 | References 8
RedHat Linux
added 2026/04/13 12:47 p.m., 2 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8 | AI score 7.2 | EPSS 0.00459 | Exploits 0 | References 6
RedHat Linux
added 2026/04/13 10:58 a.m., 5 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8 | AI score 7.2 | EPSS 0.00459 | Exploits 0 | References 6
RedHat Linux
added 2026/04/13 10:52 a.m., 1 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8 | AI score 7.2 | EPSS 0.00459 | Exploits 0 | References 6
RedHat Linux
added 2026/04/13 10:37 a.m., 3 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8 | AI score 7.2 | EPSS 0.00459 | Exploits 0 | References 6