7417 matches found
Important: python3.11
Issue Overview: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open. CVE-2026-4519 Affected Packages:...
CVE-2026-5903
Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
python: Python: Command-line option injection in webbrowser.open() via crafted URLs
A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...
EUVD-2026-20052
Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...
RHEL 9 : python3.12 (RHSA-2026:7010)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7010 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
SUSE-SU-2026:1206-1 Security update for python
This update for python fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-3644: incomplete control character validation in http.cookies can lead to input...
python -- more webbrowser.open() command injection vulnerabilities
Seth Larson reports: CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open There is a HIGH severity vulnerability affecting CPython. Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypasse...
Important: Red Hat Security Advisory: python3.11 security update
An update for python3.11 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
[SECURITY] Fedora 42 Update: firefox-149.0-2.fc42
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...
Unspecified Vulnerability in Mozilla Firefox and Mozilla Thunderbird
Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A security vulnerability exists in Mozilla Firefox and Mozilla Thunderbird, which...
EUVD-2026-16893
Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies...
Google Chrome Out-of-Bounds Read Vulnerability (CNVD-2026-15401)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause out-of-bounds memory access to be performed via specially crafted HTML pages...
webbrowser.open() allows leading dashes in URLs
...
UBUNTU-CVE-2026-28859
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox...
[SECURITY] Fedora 44 Update: chromium-146.0.7680.153-1.fc44
Chromium is an open-source web browser, powered by WebKit Blink...
CVE-2026-4698
CVE-2026-4698 — JIT miscompilation in the JavaScript Engine (JIT component) . The issue is disclosed for Firefox/Thunderbird products and is described as a JIT miscompilation in the JavaScript engine’s JIT path. Affected versions are Firefox < 149, Firefox ESR < 115.34, and Firefox ESR
Google Chrome memory misreference vulnerability (CNVD-2026-16151)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a memory misreference vulnerability that can be exploited by attackers to cause heap corruption...
SUSE CVE-2026-4519
The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...
CVE-2026-4519
A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...
EUVD-2026-13712
The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...