Lucene search
K

7415 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.19 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python3 (SUSE-SU-2026:1715-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1715-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined...

9.1CVSS6.9AI score0.00621EPSS
Exploits1References31
RedhatCVE
RedhatCVE
added 2026/05/08 10:37 p.m.10 views

CVE-2026-7986

An insufficient policy enforcement flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498396238...

6.5CVSS5.7AI score0.00157EPSS
Exploits0References5
OSV
OSV
added 2026/05/08 5:45 a.m.8 views

BIT-JRE-2023-42917

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against...

8.8CVSS7.6AI score0.0937EPSS
Exploits0References21
SUSE CVE
SUSE CVE
added 2026/05/08 2:27 a.m.13 views

SUSE CVE-2026-7927

Type Confusion in Runtime in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00292EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/07 4:51 a.m.18 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS6.7AI score0.00308EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.13 views

TencentOS Server 2: python (TSSA-2026:0281)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0281 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

7.1CVSS5.9AI score0.00308EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/06 9:31 p.m.6 views

EUVD-2026-28079

Type Confusion in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00307EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/06 7:16 p.m.7 views

CVE-2026-7958

Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...

5.4CVSS5.9AI score0.00142EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 5:31 p.m.8 views

CLSA-2026-1778002331 python3: Fix of CVE-2026-4519

CVE-2026-4519: reject leading dashes in webbrowser URLs to prevent CLI option injection in pydoc/subprocess...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 1:29 p.m.11 views

USN-8237-1 webkit2gtk vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

8.8CVSS5.8AI score0.00961EPSS
Exploits2References20
OSV
OSV
added 2026/05/05 5:35 p.m.9 views

CLSA-2026-1778002076 python3: Fix of CVE-2026-4519

CVE-2026-4519: reject leading dashes in webbrowser URLs to prevent CLI option injection in pydoc/subprocess...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
Fedora
Fedora
added 2026/05/05 1:13 a.m.11 views

[SECURITY] Fedora 43 Update: chromium-147.0.7727.137-1.fc43

Chromium is an open-source web browser, powered by WebKit Blink...

9.6CVSS6AI score0.00433EPSS
Exploits0
OSV
OSV
added 2026/05/05 12:28 a.m.11 views

CLSA-2026-1777940906 python2: Fix of 3 CVEs

CVE-2025-8194: validate that tarfile member offsets are non-negative to prevent infinite loop / DoS during parsing of malicious tar archives - CVE-2026-4519: reject URLs with leading dashes in webbrowser.open to prevent injection of command-line options into spawned browser process -...

7.5CVSS6.9AI score0.00611EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability caused by improper Media implementation. This vulnerability could allow remote attackers to execute UI spoofing through specially crafted HT...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References3
CloudLinux
CloudLinux
added 2026/05/02 12:58 a.m.16 views

python: Fix of 2 CVEs

CVE-2026-4519: reject webbrowser.open URLs with a leading dash to prevent CLI option injection into the spawned browser process - CVE-2026-4786: validate URLs after %action substitution and swap the substitution order in UnixBrowser.open to close a bypass of the CVE-2026-4519 dash-prefix check...

7.1CVSS6.4AI score0.00308EPSS
Exploits0
Fedora
Fedora
added 2026/05/01 1:27 a.m.7 views

[SECURITY] Fedora 42 Update: chromium-147.0.7727.116-1.fc42

Chromium is an open-source web browser, powered by WebKit Blink...

9.6CVSS5.1AI score0.00285EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.12 views

Important: python3.14

Issue Overview: When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters. CVE-2026-0672 The fix for CVE-2026-0672, which rejected control characters...

9.1CVSS4.7AI score0.00621EPSS
Exploits0
OSV
OSV
added 2026/04/29 9:47 a.m.8 views

CLSA-2026-1777456062 python3: Fix of CVE-2026-4519

CVE-2026-4519: reject leading dashes in webbrowser URLs...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.9 views

AlmaLinux 8 : python3 (ALSA-2026:11077)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:11077 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

9.1CVSS6.2AI score0.00579EPSS
Exploits0References4
OSV
OSV
added 2026/04/28 6:0 a.m.14 views

RLSA-2026:10950 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.1CVSS6.5AI score0.01279EPSS
Exploits1References12
Rows per page
Query Builder