CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

57777 matches found

RedHat Linux•added 2026/04/22 3:41 p.m.•5 views

Important: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7CVSS5.8AI score0.00015EPSS

Exploits0References2

RedHat Linux•added 2026/04/22 3:41 p.m.•7 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7CVSS6AI score0.00015EPSS

Exploits0References7

OSV•added 2026/04/22 2:35 p.m.•3 views

GHSA-73H3-MF4W-8647 Poetry has Path Traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4

Summary The extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.datafilter is unavailable. Considering only Python versions which are still supported by Poetry, these are 3.10.0 - 3.10.12 and 3.11.0 ...

2.3CVSS5.9AI score0.0009EPSS

Exploits0References4

Snyk•added 2026/04/22 2:35 p.m.•3 views

Directory Traversal

Overview poetry is a Python dependency management and packaging made easy. Affected versions of this package are vulnerable to Directory Traversal via the extractall function in src/poetry/utils/helpers.py that extracts sdist tarballs without path traversal protection on Python versions where...

8.7CVSS6.4AI score0.0009EPSS

Exploits0References2

Github Security Blog•added 2026/04/22 2:35 p.m.•6 views

Poetry has Path Traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4

2.3CVSS5.9AI score0.0009EPSS

Exploits0References4Affected Software1

RedHat Linux•added 2026/04/22 2:6 p.m.•4 views

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

7CVSS5.8AI score0.00015EPSS

Exploits0References2

RedHat Linux•added 2026/04/22 2:6 p.m.•2 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

7CVSS6AI score0.00015EPSS

Exploits0References7

OSV•added 2026/04/22 12:32 p.m.•4 views

CLSA-2026-1776861173 python3: Fix of CVE-2022-48565

CVE-2022-48565: plistlib: reject XML entity declarations in plist files to prevent XXE attacks...

9.8CVSS7.3AI score0.07274EPSS

Exploits3References1

RedhatCVE•added 2026/04/22 10:40 a.m.•1 views

CVE-2026-28684

A flaw was found in python-dotenv. A local attacker can exploit this by crafting a symbolic link, which the setkey and unsetkey functions in python-dotenv follow when rewriting .env files. This can lead to the overwriting of arbitrary files on the system. Mitigation Mitigation for this issue is...

7.1CVSS5.7AI score0.00004EPSS

Exploits1References6

GithubExploit•added 2026/04/22 10:13 a.m.•82 views

Exploit for OS Command Injection in Webmin

Python usa...

10CVSS7.6AI score0.94459EPSS

Exploits36

OSV•added 2026/04/22 10:11 a.m.•3 views

RHSA-2026:9621 Red Hat Security Advisory: python3 security update