Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: qed/qedsriov: guard against NULL derefs from qediovgetvfinfo We have to make sure that the info returned by the helper is valid before using it. Found by Linux Verification Center linuxtesting.org with the SVACE static analysis...

cpython: Incomplete control character validation in http.cookies

A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

Medium: python

Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

BIT-PYTHON-MIN-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

BIT-LIBPYTHON-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

EUVD-2026-12484

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

UBUNTU-CVE-2026-3644

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

CVE-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

PSF-2026-11

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

CVE-2026-3644

CVE-2026-3644 documents an incomplete fix for CVE-2026-0672 in the Python cookie handling stack. The vulnerability arises because control characters can bypass input validation in the http.cookies.Morsel through not-yet-patched paths: Morsel.update(), the |= operator, and unpickling paths. Additi...

CVE-2025-62453

Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally...

EUVD-2020-29939

Malware in sbrugna...

EUVD-2018-0679

Malware in sbrugna...

EUVD-2019-8734

Malware in sbrugna...

EUVD-2024-51096

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2016-6810

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console...

CVE-2024-12768

The Responsive iframe WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2018-15729

An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204B...

GHSA-2HMP-5WQG-F24H PlotAI eval vulnerability

A vulnerability, that could result in Remote Code Execution RCE, has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. PlotAI commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting t...

CVE-2025-1497

PlotAI contains a vulnerability (CVE-2025-1497) where lack of validation of LLM-generated output can allow an attacker to execute arbitrary Python code (RCE). The issue affects PlotAI as described in multiple sources; the vendor has commented out the vulnerable line and states that further use re...