Lucene search
+L

7422 matches found

redhat
redhat
added 2026/04/21 3:37 p.m.7 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS6AI score0.00308EPSS
Exploits0References7
redhat
redhat
added 2026/04/21 2:31 p.m.12 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS6AI score0.00308EPSS
Exploits0References7
redhat
redhat
added 2026/04/21 11:45 a.m.9 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS6AI score0.00308EPSS
Exploits0References7
redhat
redhat
added 2026/04/21 11:42 a.m.60 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS6AI score0.00308EPSS
Exploits0References7
nessus
nessus
added 2026/04/21 12:0 a.m.7 views

RHEL 9 : python3.9 (RHSA-2026:9262)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:9262 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References4
nessus
nessus
added 2026/04/18 12:0 a.m.9 views

SUSE SLES12: libpython2_7-1_0 / libpython2_7-1_0-32bit / python / python-32bit / etc (SUSE-SU-2026:1417-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1417-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. - CVE-2026-3479: improper...

7.5CVSS6.8AI score0.00621EPSS
Exploits0References16
redhat
redhat
added 2026/04/17 6:54 p.m.2 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS6.8AI score0.00308EPSS
Exploits0References7
euvd
euvd
added 2026/04/17 6:31 p.m.4 views

EUVD-2026-22834

Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser...

5.4CVSS5.8AI score0.00183EPSS
Exploits0References3
nessus
nessus
added 2026/04/17 12:0 a.m.9 views

SUSE SLES12 Security Update : python3 (SUSE-SU-2026:1385-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1385-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. - CVE-2026-3479: improper...

7.5CVSS5.9AI score0.00621EPSS
Exploits0References16
osv
osv
added 2026/04/16 9:16 a.m.5 views

SUSE-SU-2026:1385-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. - CVE-2026-3479: improper resource argument validation can allow path traversal bsc1259989. - CVE-2026-3644: incomplete control...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References11
nessus
nessus
added 2026/04/16 12:0 a.m.7 views

SUSE SLED15 / SLES15 Security Update : python313 (SUSE-SU-2026:1354-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1354-1 advisory. - Update to v3.13.13 - CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYP...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References22
osv
osv
added 2026/04/15 7:6 p.m.7 views

SUSE-SU-2026:1376-1 Security update for python310

This update for python310 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-3479: improper resource argument validation in pkgutil.getdata can lead to pa...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References11
osv
osv
added 2026/04/15 12:4 p.m.4 views

SUSE-SU-2026:1345-1 Security update for python36

This update for python36 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. - CVE-2026-3479: python: improper resource argument validation can allow path traversal bsc1259989. - CVE-2026-3644: incomplete...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References11
nvd
nvd
added 2026/04/15 5:16 a.m.6 views

CVE-2026-26291

Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser...

5.4CVSS0.00183EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/15 12:0 a.m.4 views

PT-2026-32998

Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser...

5.4CVSS5.8AI score0.00183EPSS
Exploits0References2
nessus
nessus
added 2026/04/14 12:0 a.m.6 views

SUSE SLES15 / openSUSE 15 Security Update : python39 (SUSE-SU-2026:1296-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1296-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to...

7.5CVSS5.9AI score0.00621EPSS
Exploits0References13
ubuntucve
ubuntucve
added 2026/04/13 10:16 p.m.8 views

CVE-2026-4786

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References4
osv
osv
added 2026/04/13 9:52 p.m.11 views

PSF-2026-17

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References8
osv
osv
added 2026/04/13 9:52 p.m.4 views

PSF-0000-CVE-2026-4786

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References3
snyk
snyk
added 2026/04/13 9:52 p.m.9 views

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via the webbrowser.open function. An attacker can execute arbitrary commands by supplying a specially crafted URL containing %action that is processed by the API. Note: This issue is due to incomplete fix fo...

7.1CVSS6.7AI score0.00308EPSS
Exploits0References2
Rows per page
Query Builder