47 matches found

Cvelist
added 6 days ago, 21 views

CVE-2026-56445 pydicom pynetdicom Library Path Traversal

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

CVSS 9.1, EPSS 0.00434
Exploits 0, References 3
AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in Python 3.11

If the value passed to os.path.expandvars is controlled by the user, there is a possibility of performance degradation when expanding environment variables...

CVSS 5.5, AI score 6.3, EPSS 0.00136
Exploits 0, References 2
ATTACKERKB
added 2026/06/02 9:11 a.m., 9 views

CVE-2026-5422

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator, allowing sibling...

CVSS 6.8, AI score 6.7, EPSS 0.00437
Exploits 1, References 2
EUVD
added 2026/06/02 9:11 a.m., 13 views

EUVD-2026-33905

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator, allowing sibling...

CVSS 6.8, AI score 6.7, EPSS 0.00437
Exploits 1, References 1
Debian CVE
added 2026/06/02 9:11 a.m., 7 views

CVE-2026-5422

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator, allowing sibling...

CVSS 8.1, AI score 6.7, EPSS 0.00437
Exploits 1
Vulnrichment
added 2026/06/02 9:11 a.m., 9 views

CVE-2026-5422 Path Traversal in jupyter/jupyter

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator, allowing sibling...

CVSS 6.8, AI score 6.7, EPSS 0.00437
Exploits 1, References 1
CVE
added 2026/06/02 9:11 a.m., 45 views

CVE-2026-5422

Affected software: jupyter-server 2.17.0. Root cause: path traversal due to an incorrect boundary check in _get_os_path() (uses startswith(root) without trailing separator) and to_os_path() not stripping '..' from path parts. Impact: unauthorized read/write access to files in sibling directories,...

CVSS 8.1, AI score 6.7, EPSS 0.00437
Exploits 1, References 1, Affected Software 1
CNNVD
added 2026/06/02 12:00 a.m., 5 views

Jupyter Server Security Vulnerability

Jupyter Server is an application developed by the Jupyter organization that provides backend services for Jupyter web applications. Version 2.17.0 of Jupyter Server contains a security vulnerability. This vulnerability stems from incorrect root directory boundary checks in the _get_os_path function,...

CVSS 8.1, AI score 5.3, EPSS 0.00437
Exploits 1, References 1
Redos
added 2026/05/05 12:00 a.m., 5 views

ROS-20260505-73-0020

A vulnerability in the os.path.expandvars function of the Python programming language interpreter is associated with uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker to cause a denial of service...

CVSS 5.5, AI score 6.4, EPSS 0.00136
Exploits 0
OSV
added 2026/04/27 12:00 a.m., 13 views

ALSA-2026:10950 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 9.1, AI score 6, EPSS 0.01279
Exploits 1, References 24
Tenable Nessus
added 2026/04/27 12:00 a.m., 8 views

RHEL 8 : python3.12 (RHSA-2026:10950)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10950 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 9.1, AI score 7, EPSS 0.01279
Exploits 1, References 24
Github Security Blog
added 2026/04/10 7:24 p.m., 7 views

PraisonAIAgents: Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool

Summary: The execute_command function in shell_tools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False at line 88 for security. This allows exfiltration of secrets stored in environment variabl...

CVSS 7.4, AI score 6.2, EPSS 0.00273
Exploits 1, References 3, Affected Software 1
SUSE Linux
added 2026/03/27 11:34 a.m., 4 views

Security update for python311

This update for python311 fixes the following issues: Update to python 3.11.15: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...

CVSS 8.7, AI score 7, EPSS 0.01525
Exploits 0, References 40
SUSE Linux
added 2026/03/27 9:04 a.m., 9 views

Security update for python312

This update for python312 fixes the following issues: Update to Python 3.12.13: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...

CVSS 8.7, AI score 7, EPSS 0.01525
Exploits 0, References 40
OSV
added 2026/03/27 9:04 a.m., 6 views

SUSE-SU-2026:1107-1 Security update for python312

This update for python312 fixes the following issues: Update to Python 3.12.13: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...

CVSS 7.5, AI score 7, EPSS 0.01525
Exploits 0, References 21
OSV
added 2026/03/26 10:36 a.m., 5 views

SUSE-SU-2026:1062-1 Security update for python310

This update for python310 fixes the following issues: Update to Python 3.10.20: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...

CVSS 7.5, AI score 7, EPSS 0.01525
Exploits 0, References 19
OSV
added 2026/03/20 11:48 a.m., 1 views

SUSE-SU-2026:20768-1 Security update for python311

This update for python311 fixes the following issues: Updated to Python 3.11.15: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...

CVSS 7.5, AI score 7.1, EPSS 0.01525
Exploits 0, References 17
OSV
added 2026/03/19 12:47 p.m., 0 views

SUSE-SU-2026:20796-1 Security update for python311

This update for python311 fixes the following issues: Updated to Python 3.11.15: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...

CVSS 7.5, AI score 7, EPSS 0.01525
Exploits 0, References 17
GithubExploit
added 2026/03/15 11:03 p.m., 326 views

Exploit for Path Traversal in Python Setuptools

CVE-2025-47273: Path Traversal in setuptools.package_index...

CVSS 8.8, AI score 6, EPSS 0.01479
Exploits 4
OSV
added 2026/03/12 1:48 p.m., 5 views

CLSA-2026-1773323311 python3.11: Fix of CVE-2025-6075

CVE-2025-6075: fix quadratic complexity in os.path.expandvars...

CVSS 5.5, AI score 6, EPSS 0.00136
Exploits 0, References 1