CVE-2025-0938 — The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only m — CVE Database · The Intelligence Room