19537 matches found
CVE-2026-4786
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...
CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...
CVE-2026-4786
CVE-2026-4786 notes incomplete mitigation of CVE-2026-4519. The issue arises when a URL contains "%action" allowing bypass of mitigation for certain browser types in Python's webbrowser.open(), enabling potential commands injected into the underlying shell. Connected CVE-4519 details indicate the...
PSF-0000-CVE-2026-4786
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...
CVE-2026-4786
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...
CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...
CVE-2026-22563
A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play...
CVE-2026-22564
CVE-2026-22564 describes an 00 improper access control vulnerability in UniFi Play components. The affected products are UniFi Play PowerAmp (<= 1.0.35) and UniFi Play Audio Port (
CVE-2026-22565
CVE-2026-22565: A vulnerability described as an improper input validation issue could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding. Affected products are UniFi Play PowerAmp (versions ≤ 1.0.35) and UniFi Play Audio Port (versions ≤ 1.0.24). ...
CVE-2026-32316
A flaw was found in jq, a command-line JSON processor. An attacker can exploit an integer overflow vulnerability by crafting queries that produce extremely large strings. This causes a 32-bit unsigned integer overflow in the buffer allocation size calculation, leading to a drastically undersized...
CVE-2026-6100
A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...
CVE-2026-1462
A flaw was found in the keras package. This vulnerability allows an attacker to execute unauthorized code on a victim's system. It occurs when a victim loads a specially crafted .keras model, even if the safemode security feature is active. The issue arises because the keras package can...
CVE-2026-40023
A flaw was found in Apache Log4cxx. An attacker who can influence logged data can exploit this by injecting characters forbidden by the XML 1.0 specification a standard for encoding documents into log messages, Network Device Configuration NDC, and Mapped Diagnostic Context MDC property keys and...
CVE-2026-34479
A flaw was found in the Apache Log4j 1-to-Log4j 2 bridge. The Log4j1XmlLayout component fails to properly escape characters forbidden by the XML 1.0 standard. This improper handling of characters results in malformed XML output, which can cause downstream log processing systems to drop or fail to...
CVE-2026-34477
A flaw was found in Apache Log4j Core. A network-based attacker can perform a man-in-the-middle MITM attack, allowing them to intercept encrypted communications. This occurs when an SMTP, Socket, or Syslog appender uses Transport Layer Security TLS with a nested element, and the attacker has a...
CVE-2026-34480
A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...
firefox: thunderbird: Mitigation bypass in the Networking: HTTP component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...
firefox: thunderbird: Mitigation bypass in the Networking: HTTP component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...
firefox: thunderbird: Mitigation bypass in the Networking: HTTP component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...
firefox: thunderbird: Mitigation bypass in the Networking: HTTP component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...