ROS-20260506-73-0046

Vulnerability in python-tornado related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260506-73-0049

Vulnerability in python-cairosvg related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

RockyLinux 10 : python-tornado (RLSA-2026:13641)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13641 advisory. tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 tornado: Tornado: Cookie attribute injection due to improper...

OPENSUSE-SU-2026:10708-1 python311-Django4-4.2.30-2.1 on GA media

These are all security issues fixed in the python311-Django4-4.2.30-2.1 package on the GA media of openSUSE Tumbleweed...

ROS-20260506-73-0047

Vulnerability in python-jwcrypto related to incorrect handling of highly compressed input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

RHEL 10 : fence-agents (RHSA-2026:13916)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13916 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

RHCOS 4 : OpenShift Container Platform 4.8.2 (RHSA-2021:2437)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2437 advisory. - golang: crypto/elliptic: incorrect operations on the P-224 curve CVE-2021-3114 - gogo/protobuf: plugin/unmarshal/unmarshal.go lack...

OPENSUSE-SU-2026:10709-1 python313-Django6-6.0.5-1.1 on GA media

These are all security issues fixed in the python313-Django6-6.0.5-1.1 package on the GA media of openSUSE Tumbleweed...

ROS-20260506-73-0048

Vulnerability in python2-jwcrypto related to incorrect handling of highly compressed input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

PT-2026-38043

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

RHCOS 4 : OpenShift Container Platform 4.7.0 (RHSA-2020:5634)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5634 advisory. - atomic-openshift: cross-namespace owner references can trigger deletions of valid children CVE-2019-3884 - kubernetes: Ceph RBD...

PT-2026-38527

These are all security issues fixed in the python311-jupyter-server-2.18.1-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-38289

Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev100 Description The WebUI returns full Python traceback details to clients when unhandled exceptions occur. This happens because the endpoint "/web/" is accessible without authentication and renders template...

PT-2026-38278

Name of the Vulnerable Software and Affected Versions python-multipart versions prior to 0.0.27 Description A denial of service issue exists in the multipart part header parsing of the MultipartParser when processing multipart/form-data. The parser lacked limits on the number of part headers and...

RHCOS 4 : OpenShift Container Platform 4.3.26 python-psutil (RHSA-2020:2635)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2635 advisory. - python-psutil: Double free because of refcount mishandling CVE-2019-18874 Note that Nessus has not tested for this issue but has instead...

python: Fix of CVE-2017-1000158

CVE-2017-1000158: fix integer overflow in PyStringDecodeEscape that could trigger a heap-based buffer overflow when decoding very large byte strings...

CLSA-2026-1777586657 python: Fix of CVE-2017-1000158

CVE-2017-1000158: fix integer overflow in PyStringDecodeEscape that could trigger a heap-based buffer overflow when decoding very large byte strings...

2adif (=0.1.0), 3robotics (=0.0.1) +1562 more potentially affected by CVE-2026-42304 via twisted (>=16.0.0 <=25.5.0)

twisted PYPI version =16.0.0, =0.0.12, =3.0.9, =3.0.0, =0.1.0, =23.12.0rc1, =0.10.0, =0.0.1, =0.4.0, =3.0.0, =0.1.4, =1.0.0, =1.0.2 - aha-scrapyd =1.3.0 and more Source cves: CVE-2026-42304 Source advisory: OSV:GHSA-GRGV-6HW6-V9G4...

GHSA-37W4-HWHX-4RC4 JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request

The allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab prior to 4.5.7. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This has security implications for deployments...

Exploit for Improper Authentication in Microsoft

CVE-2026-26128 !Examplehttps://github.com/jarnovandenbrink/...