RedHat Linux, added 2025/12/18 1:35 a.m.

python: cpython: URL parser allowed square brackets in domain names

A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that include square brackets, which is not valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...

CVSS 6.3, AI score 7.2, EPSS 0.01499. Exploits: 0, References: 6
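The entry above turns on one RFC 3986 rule: square brackets in the authority are legal only as the delimiters of an IP-literal (an IPv6 address or an IPvFuture token). The check below is an added example, not code from CPython or from the advisory: the function name host_is_rfc3986_valid is my own, and it re-applies the bracket rule itself rather than trusting the interpreter, so it gives the same answer on a patched Python (where urlsplit raises ValueError for bracketed non-IP hosts) and on an unpatched one (where it silently accepts them).

```python
import ipaddress
import re
from urllib.parse import urlsplit

# RFC 3986 IPvFuture: "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
_IPVFUTURE = re.compile(r"\A[vV][0-9A-Fa-f]+\.[A-Za-z0-9\-._~!$&'()*+,;=:]+\Z")


def host_is_rfc3986_valid(url: str) -> bool:
    """True only if any '[' / ']' in the authority form an RFC 3986 IP-literal.

    Hosts without brackets (reg-names, IPv4) pass; other reg-name rules are out
    of scope here.  Runs the same on patched and unpatched interpreters because
    the bracket rules are re-checked locally instead of relying on urlsplit.
    """
    try:
        netloc = urlsplit(url).netloc
    except ValueError:                      # patched CPython rejects bracketed junk itself
        return False
    authority = netloc.rpartition("@")[2]   # drop userinfo, keep host[:port]
    if "[" not in authority and "]" not in authority:
        return True
    # An IP-literal must start the host and may only be followed by ":port".
    if not authority.startswith("["):
        return False
    close = authority.find("]")
    if close < 0:
        return False
    port = authority[close + 1:]
    if port and not re.fullmatch(r":[0-9]*", port):
        return False
    literal = authority[1:close]
    if "[" in literal or "]" in literal:
        return False
    if literal[:1] in ("v", "V"):
        return _IPVFUTURE.match(literal) is not None
    try:
        return isinstance(ipaddress.ip_address(literal), ipaddress.IPv6Address)
    except ValueError:                      # not an IP address at all, e.g. "[example.com]"
        return False


if __name__ == "__main__":
    # Constructed sample URLs covering the cases the advisory describes.
    for sample in ("http://[::1]:8080/p", "http://[v1.fe80::a+en1]/",
                   "http://example.com/", "http://[example.com]/",
                   "http://example[.]com/", "http://[127.0.0.1]/"):
        print(host_is_rfc3986_valid(sample), sample)
```

Use it as a gate in front of anything that derives a security decision from the host (allow-lists, SSRF filters, credential lookup), because code that compares the host string against a list may see a different host than the HTTP client eventually connects to.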
RedHat Linux, added 2025/12/18 1:35 a.m.

python: Virtual environment (venv) activation scripts don't quote paths

A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...

CVSS 7.8, AI score 7.2, EPSS 0.00647. Exploits: 0, References: 7
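The issue in the entry above is a templating one: a path is interpolated into a shell script without escaping, so a directory name containing a quote character terminates the string early and whatever follows is parsed as shell. The block below is an added example and not the stdlib's real activate template or fix; naive_activate_line is a deliberately simplified vulnerable pattern, safe_activate_line is the hardened form using shlex.quote, and the audit helpers let you check an existing activate script or a candidate venv path before creating it. The hostile path used in the demo is constructed.

```python
import re
import shlex

# Characters that can close a double-quoted shell string or start expansion /
# command separation.  A venv path should not need any of them.
_SHELL_META = re.compile(r"""[\s"'`$\\;&|<>(){}]""")


def venv_path_is_safe(venv_dir: str) -> bool:
    """Pre-creation guard: refuse to create a venv under a path with shell metacharacters."""
    return _SHELL_META.search(venv_dir) is None


def naive_activate_line(venv_dir: str) -> str:
    # Vulnerable pattern (illustrative, not the stdlib template): the path lands
    # inside double quotes unescaped, so a '"' in the name ends the quote early.
    return f'VIRTUAL_ENV="{venv_dir}"'


def safe_activate_line(venv_dir: str) -> str:
    # Hardened form: shlex.quote emits one correctly escaped, single-quoted shell word.
    return f"VIRTUAL_ENV={shlex.quote(venv_dir)}"


def shell_words(line: str):
    """Tokenise like a POSIX shell: ';', '|', '&', '<', '>' become separate tokens."""
    lex = shlex.shlex(line, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


def assignment_is_single_word(line: str) -> bool:
    """True iff the shell would see exactly one VIRTUAL_ENV=... word and nothing else."""
    try:
        words = shell_words(line)
    except ValueError:          # unbalanced quotes
        return False
    return len(words) == 1 and words[0].startswith("VIRTUAL_ENV=")


def audit_activate_script(text: str) -> bool:
    """Scan an activate script's VIRTUAL_ENV assignments; False if any could inject commands."""
    lines = [l.strip() for l in text.splitlines() if l.lstrip().startswith("VIRTUAL_ENV=")]
    return bool(lines) and all(assignment_is_single_word(l) for l in lines)


if __name__ == "__main__":
    hostile = '/tmp/v"; id; "'            # constructed hostile directory name
    print(shell_words(naive_activate_line(hostile)))   # several words: injected 'id'
    print(shell_words(safe_activate_line(hostile)))    # one word: the literal path
```

The practical takeaway: treat the venv directory name as untrusted whenever it is derived from user input (CI job names, upload paths, tenant identifiers), gate it with venv_path_is_safe, and on an interpreter you cannot update, run audit_activate_script over bin/activate before sourcing it.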
RedHat Linux, added 2025/12/18 1:35 a.m.

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

CVSS 7.5, AI score 7.3, EPSS 0.01109. Exploits: 7, References: 10
RedHat Linux, added 2025/12/18 1:35 a.m.

python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used

A vulnerability was found in Python/CPython that does not disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE-2024-5535 for OpenSSL for more information...

CVSS 6.5, AI score 7.5, EPSS 0.00744. Exploits: 0, References: 5
RedHat Linux, added 2025/12/18 1:35 a.m.

python: Quadratic complexity in os.path.expandvars() with user-controlled template

A vulnerability in Python’s os.path.expandvars function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denia...

CVSS 5.5, AI score 6.2, EPSS 0.00136. Exploits: 0, References: 6
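When a template comes from a user, the defensive shape is a single left-to-right pass with a size cap, so that nested "${${...}}" patterns cannot make the expander rescan the same text. The function below is an added example, not CPython's os.path.expandvars or its fix: linear_expandvars is my own name, it takes an explicit mapping (os.environ by default), leaves unknown variables untouched like the stdlib function does, and never re-expands substituted values. The sample templates are constructed.

```python
import os
import re

# One `$NAME` or `${NAME}` reference.  The braced form stops at the first '}'
# and the match is consumed, so a nested '${' is never re-scanned: the whole
# expansion is one pass over the input, O(n) in its length.
_VAR_REF = re.compile(r"\$(?:\{([^}]*)\}|([A-Za-z_][A-Za-z0-9_]*))")


def linear_expandvars(template: str, env=None, max_len: int = 4096) -> str:
    """Expand $VAR and ${VAR} in one pass, with an input-size cap.

    Unknown variables are left as written (like os.path.expandvars); values
    that are substituted are not expanded again, so a value containing '$'
    cannot trigger further work.
    """
    if len(template) > max_len:
        raise ValueError(f"template longer than {max_len} characters")
    mapping = os.environ if env is None else env

    def substitute(match):
        name = match.group(1) if match.group(1) is not None else match.group(2)
        value = mapping.get(name)
        return match.group(0) if value is None else str(value)

    return _VAR_REF.sub(substitute, template)


if __name__ == "__main__":
    sample_env = {"HOME": "/home/dev", "USER": "dev", "X": "1"}   # constructed
    print(linear_expandvars("$HOME/.cache/${USER}-$MISSING", sample_env))
    print(linear_expandvars("${${${X}}}", sample_env))            # left untouched
```

The cap is the important part for a service that accepts templates from clients: pick max_len from what your configuration files actually need rather than leaving it at the default.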
RedHat Linux, added 2025/12/18 1:35 a.m.

Important: Red Hat Security Advisory: python39:3.9 security update

An update for the python39:3.9 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 9.4, AI score 6.8, EPSS 0.01499. Exploits: 14, References: 14
RedHat Linux, added 2025/12/18 1:35 a.m.

cpython: Python HTMLParser quadratic complexity

A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource...

CVSS 4.3, AI score 5.7, EPSS 0.00462. Exploits: 0, References: 9
RedHat Linux, added 2025/12/18 1:35 a.m.

cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

A zip file handling flaw has been discovered in the python standard library zipfile module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value. That offset value would not be used to locate the ZIP64 EOCD record; instead the ZIP64 EOCD record wou...

CVSS 4.3, AI score 6.2, EPSS 0.00345. Exploits: 0, References: 9
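The check the entry above says was missing is small: read the 8-byte offset in the ZIP64 EOCD Locator and confirm it actually points at a ZIP64 EOCD record inside the file before using anything derived from it. The parser below is an added example, independent of the stdlib zipfile module and of the advisory's fix: check_zip64_locator is my own name, it returns a status string rather than raising so it can be used as a triage tool over a directory of archives, and build_zip64_trailer constructs a minimal sample trailer whose locator offset is caller-controlled so a tampered value can be exercised.

```python
import struct

EOCD_SIG = b"PK\x05\x06"          # End of Central Directory record: 22 bytes + comment
Z64_LOCATOR_SIG = b"PK\x06\x07"   # ZIP64 EOCD Locator: 20 bytes, immediately before EOCD
Z64_EOCD_SIG = b"PK\x06\x06"      # ZIP64 EOCD record: 56 bytes + extensible data


def find_eocd(data: bytes) -> int:
    """Offset of the EOCD record; it ends the file, followed by at most a 64 KiB comment."""
    start = max(0, len(data) - (22 + 0xFFFF))
    idx = data.rfind(EOCD_SIG, start)
    if idx < 0:
        raise ValueError("not a zip archive: no EOCD record")
    return idx


def check_zip64_locator(data: bytes) -> str:
    """Validate the ZIP64 EOCD Locator's offset field instead of trusting it.

    Returns 'ok', 'no-zip64-locator' (plain archive, nothing to check),
    'multi-disk-unsupported', 'offset-out-of-range' (points past the locator
    or would overlap it) or 'offset-not-at-zip64-eocd' (no record signature there).
    """
    eocd = find_eocd(data)
    loc = eocd - 20
    if loc < 0 or data[loc:loc + 4] != Z64_LOCATOR_SIG:
        return "no-zip64-locator"
    disk, z64_offset, total_disks = struct.unpack("<IQI", data[loc + 4:loc + 20])
    if disk != 0 or total_disks != 1:
        return "multi-disk-unsupported"
    if z64_offset + 56 > loc:                       # record must fit before the locator
        return "offset-out-of-range"
    if data[z64_offset:z64_offset + 4] != Z64_EOCD_SIG:
        return "offset-not-at-zip64-eocd"
    return "ok"


def build_zip64_trailer(locator_offset: int, cd_offset: int = 0, entries: int = 0) -> bytes:
    """Constructed sample: ZIP64 EOCD record + Locator + EOCD, in that order.

    `locator_offset` is written into the Locator verbatim, so a caller can
    place the record at one offset and claim another to simulate tampering.
    """
    # size-of-record (44 = 56 - 12), version made by / needed (4.5), disk numbers,
    # entries on disk, total entries, central directory size and offset
    z64_eocd = Z64_EOCD_SIG + struct.pack("<QHHIIQQQQ", 44, 45, 45, 0, 0,
                                          entries, entries, 0, cd_offset)
    locator = Z64_LOCATOR_SIG + struct.pack("<IQI", 0, locator_offset, 1)
    # EOCD with the 16-bit/32-bit fields saturated, signalling "look at the ZIP64 record"
    eocd = EOCD_SIG + struct.pack("<HHHHIIH", 0, 0, 0xFFFF, 0xFFFF,
                                  0xFFFFFFFF, 0xFFFFFFFF, 0)
    return z64_eocd + locator + eocd


if __name__ == "__main__":
    body = b"\x00" * 16                      # stand-in for local headers + central directory
    print(check_zip64_locator(body + build_zip64_trailer(16)))       # ok
    print(check_zip64_locator(body + build_zip64_trailer(4)))        # offset-not-at-zip64-eocd
    print(check_zip64_locator(body + build_zip64_trailer(2 ** 40)))  # offset-out-of-range
```

Run it over untrusted uploads before handing them to zipfile, and treat anything other than 'ok' or 'no-zip64-locator' as a reject: a reader that falls back to searching for the ZIP64 record instead of honouring the locator can be steered to a different central directory than the one another tool validated.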
RedHat Linux, added 2025/12/18 1:35 a.m.

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

CVSS 7.5, AI score 5.7, EPSS 0.00728. Exploits: 2, References: 10
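Both tarfile entries above (symlink targets escaping the destination, and symlink traversal through earlier members) come down to the same question: once every symlink seen so far in the archive is taken into account, does a member's path or link target resolve outside the extraction root? The block below is an added example written for this page, not CPython's extraction filter or the fix shipped for these CVEs. It assumes members are processed in archive order, resolves paths only against symlinks that appear in the same archive (not against links already present on disk), and uses a constructed in-memory archive via build_tar; all function names are mine.

```python
import io
import posixpath
import tarfile


def _resolve(path, links, depth=0):
    """Resolve an archive-relative POSIX path through symlinks seen earlier in the
    archive (`links`: resolved symlink name -> linkname).  The result is normalized;
    an absolute path or a leading '..' means it leaves the extraction root."""
    if depth > 40:                       # symlink loop: treat as an escape
        return "/"
    if path.startswith("/"):
        return posixpath.normpath(path)
    parts = [p for p in path.split("/") if p not in ("", ".")]
    cur = "."
    for i, comp in enumerate(parts):
        cur = posixpath.normpath(posixpath.join(cur, comp))
        if cur in links:                 # this prefix is a symlink: follow it
            target = posixpath.join(posixpath.dirname(cur), links[cur])
            rest = "/".join(parts[i + 1:])
            return _resolve(posixpath.join(target, rest) if rest else target, links, depth + 1)
    return cur


def _escapes(resolved):
    return resolved.startswith("/") or resolved == ".." or resolved.startswith("../")


def escaping_members(archive):
    """Names of members whose own path, or whose symlink/hardlink target, resolves
    outside the extraction root once earlier in-archive symlinks are followed."""
    flagged, links = [], {}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tf:
        for m in tf:
            name = _resolve(m.name, links)
            if _escapes(name):
                flagged.append(m.name)
                continue
            if m.issym():
                target = posixpath.join(posixpath.dirname(name), m.linkname)
                if _escapes(_resolve(target, links)):
                    flagged.append(m.name)
                    continue
                links[name] = m.linkname     # later members may route through it
            elif m.islnk() and _escapes(_resolve(m.linkname, links)):
                flagged.append(m.name)
    return flagged


def safe_extractall(archive, dest):
    """Refuse the whole archive if anything escapes; otherwise extract with the
    stdlib 'data' filter where the interpreter provides it (belt and braces)."""
    bad = escaping_members(archive)
    if bad:
        raise ValueError("refusing to extract, escaping members: %r" % bad)
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tf:
        if hasattr(tarfile, "data_filter"):
            tf.extractall(dest, filter="data")
        else:
            tf.extractall(dest)


def build_tar(entries):
    """Constructed sample archive: entries are (name, kind, value) with kind 'file'
    (value = bytes), 'dir' (value ignored) or 'sym' (value = link target)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, kind, value in entries:
            ti = tarfile.TarInfo(name)
            if kind == "file":
                ti.size = len(value)
                tf.addfile(ti, io.BytesIO(value))
            elif kind == "dir":
                ti.type = tarfile.DIRTYPE
                tf.addfile(ti)
            elif kind == "sym":
                ti.type = tarfile.SYMTYPE
                ti.linkname = value
                tf.addfile(ti)
    return buf.getvalue()


if __name__ == "__main__":
    hostile = build_tar([
        ("abs", "sym", "/etc/passwd"),        # absolute link target
        ("up", "sym", "../../outside"),       # relative target climbing out
        ("lnk", "sym", "."),                  # harmless on its own ...
        ("lnk/../x", "file", b"owned"),       # ... but this path climbs out through it
        ("pkg/ok", "file", b"fine"),
    ])
    print(escaping_members(hostile))          # ['abs', 'up', 'lnk/../x']
```

The "lnk/../x" member is the case a plain normpath check misses: normpath("lnk/../x") is "x", which looks safe, but after following lnk to "." the path is "./../x" and lands one level above the extraction root. Keeping the filter="data" call as well costs nothing on fixed interpreters and catches what this pre-check does not model, such as links already on disk.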
Fedora, added 2025/12/18 1:12 a.m.

[SECURITY] Fedora 42 Update: python-django4.2-4.2.27-1.fc42

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 9.8, AI score 7.9, EPSS 0.1914. Exploits: 14
Fedora, added 2025/12/18 1:12 a.m.

[SECURITY] Fedora 42 Update: python-django5-5.2.9-1.fc42

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 9.8, AI score 7.9, EPSS 0.1914. Exploits: 14
Fedora, added 2025/12/18 12:59 a.m.

[SECURITY] Fedora 43 Update: python-django5-5.2.9-1.fc43

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 9.8, AI score 7.9, EPSS 0.1914. Exploits: 14
Packet Storm, added 2025/12/18 12:00 a.m.

Langflow 1.3.0 Remote Code Execution

A critical remote code execution vulnerability exists in Langflow that allows unauthenticated attackers to execute arbitrary system commands via the code validation API endpoint. The vulnerability enables complete compromise of Langflow instances through improper input sanitization in the Python...

CVSS 9.8, AI score 10, EPSS 0.99968. Exploits: 33
Packet Storm, added 2025/12/18 12:00 a.m.

js2py 0.74 Automated Sandbox Escape / Code Execution

js2py version 0.74 automated sandbox escape and remote code execution exploit with a reverse shell. | Title : js2py v0.74 Automated Sandbox Escape & Revers...

CVSS 5.3, AI score 8.3, EPSS 0.04548. Exploits: 22
Oracle linux, added 2025/12/18 12:00 a.m.

python3.9 security update

3.9.25-2.0.1: Remove upstream URL reference
3.9.25-2: Move sysconfigdatadlinux.py to the debug subpackage
3.9.25-1: Update to Python 3.9.25
3.9.24-1: Update to Python 3.9.24...

CVSS 6.5, AI score 9.3, EPSS 0.00744. Exploits: 0
Oracle linux, added 2025/12/18 12:00 a.m.

python-kdcproxy security update

0.3.2-3.0.1: Use DNS discovery for declared realms only (CVE-2025-59088, Orabug: 38745300); fix DoS vulnerability based on unbounded TCP buffering (CVE-2025-59089)...

CVSS 8.6, AI score 7, EPSS 0.00453. Exploits: 0
Tenable Nessus, added 2025/12/18 12:00 a.m.

EulerOS Virtualization 2.13.1 : protobuf (EulerOS-SA-2025-2559)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of...

CVSS 8.2, AI score 6.8, EPSS 0.00281. Exploits: 0, References: 2
Tenable Nessus, added 2025/12/18 12:00 a.m.

EulerOS Virtualization 2.13.1 : python-requests (EulerOS-SA-2025-2562)

According to the versions of the python-requests package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to...

CVSS 5.3, AI score 6.9, EPSS 0.00846. Exploits: 1, References: 2
Tenable Nessus, added 2025/12/18 12:00 a.m.

Fedora 42 : brotli / perl-Alien-Brotli (2025-9e233a4e22)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-9e233a4e22 advisory. Update brotli to 1.2.0. This update provides the necessary Python APIs in python3-brotli to fix denial-of-service security issues related to...

CVSS 8.9, AI score 7.3, EPSS 0.00622. Exploits: 0, References: 3
Packet Storm News, added 2025/12/18 12:00 a.m.

A Systematic Study of Code Obfuscation against LLM-Based Vulnerability Detection

As large language models (LLMs) are increasingly adopted for code vulnerability detection, their reliability and robustness across diverse vulnerability types have become a pressing concern. In traditional adversarial settings, code obfuscation has long been used as a general strategy to bypass...

AI score 7.2. Exploits: 0