Lucene search
K

7417 matches found

Amazon
Amazon
added 2026/04/13 12:0 a.m.6 views

Important: python3.11

Issue Overview: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open. CVE-2026-4519 Affected Packages:...

7CVSS5.8AI score0.00308EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/04/08 9:21 p.m.8 views

CVE-2026-5903

Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

6.5CVSS8.4AI score0.00261EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/08 2:7 p.m.4 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS6.2AI score0.00308EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/08 6:31 a.m.7 views

EUVD-2026-20052

Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

5.4CVSS6.2AI score0.00155EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.9 views

RHEL 9 : python3.12 (RHSA-2026:7010)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7010 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References4
OSV
OSV
added 2026/04/07 2:18 p.m.4 views

SUSE-SU-2026:1206-1 Security update for python

This update for python fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-3644: incomplete control character validation in http.cookies can lead to input...

7.5CVSS5.9AI score0.00621EPSS
Exploits0References9
FreeBSD
FreeBSD
added 2026/04/06 12:0 a.m.21 views

python -- more webbrowser.open() command injection vulnerabilities

Seth Larson reports: CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open There is a HIGH severity vulnerability affecting CPython. Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypasse...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/03/31 4:39 p.m.11 views

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

7.1CVSS5.9AI score0.00308EPSS
Exploits0References2
Fedora
Fedora
added 2026/03/31 1:9 a.m.6 views

[SECURITY] Fedora 42 Update: firefox-149.0-2.fc42

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...

5.8AI score
Exploits0
CNVD
CNVD
added 2026/03/31 12:0 a.m.4 views

Unspecified Vulnerability in Mozilla Firefox and Mozilla Thunderbird

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A security vulnerability exists in Mozilla Firefox and Mozilla Thunderbird, which...

9.8CVSS7.6AI score0.0033EPSS
Exploits0
EUVD
EUVD
added 2026/03/29 3:23 p.m.3 views

EUVD-2026-16893

Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies...

7.5CVSS5.8AI score0.00458EPSS
Exploits1References6
CNVD
CNVD
added 2026/03/26 12:0 a.m.3 views

Google Chrome Out-of-Bounds Read Vulnerability (CNVD-2026-15401)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause out-of-bounds memory access to be performed via specially crafted HTML pages...

8.8CVSS7.3AI score0.00454EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/03/25 8:5 a.m.2 views

webbrowser.open() allows leading dashes in URLs

...

7.1CVSS5.8AI score0.00308EPSS
Exploits0
OSV
OSV
added 2026/03/25 1:17 a.m.11 views

UBUNTU-CVE-2026-28859

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox...

8.8CVSS5.7AI score0.00636EPSS
Exploits0References3
Fedora
Fedora
added 2026/03/25 12:56 a.m.15 views

[SECURITY] Fedora 44 Update: chromium-146.0.7680.153-1.fc44

Chromium is an open-source web browser, powered by WebKit Blink...

8.8CVSS6AI score0.00415EPSS
Exploits1
CVE
CVE
added 2026/03/24 12:30 p.m.39 views

CVE-2026-4698

CVE-2026-4698 — JIT miscompilation in the JavaScript Engine (JIT component) . The issue is disclosed for Firefox/Thunderbird products and is described as a JIT miscompilation in the JavaScript engine’s JIT path. Affected versions are Firefox < 149, Firefox ESR < 115.34, and Firefox ESR

9.8CVSS7.2AI score0.00755EPSS
Exploits0References34Affected Software1
CNVD
CNVD
added 2026/03/23 12:0 a.m.4 views

Google Chrome memory misreference vulnerability (CNVD-2026-16151)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a memory misreference vulnerability that can be exploited by attackers to cause heap corruption...

8.8CVSS6AI score0.00317EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/22 12:25 a.m.5 views

SUSE CVE-2026-4519

The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References33
RedhatCVE
RedhatCVE
added 2026/03/20 9:17 p.m.6 views

CVE-2026-4519

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS5.9AI score0.00308EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/20 3:31 p.m.2 views

EUVD-2026-13712

The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...

7CVSS5.8AI score0.00308EPSS
Exploits0References4
Rows per page
Query Builder