OPENSUSE-SU-2026:10667-1 python313-3.13.13-2.1 on GA media
These are all security issues fixed in the python313-3.13.13-2.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-43003
An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image...
CLSA-2026-1777585788 python: Fix of CVE-2017-1000158
CVE-2017-1000158: fix integer overflow in PyString_DecodeEscape that could trigger a heap-based buffer overflow when decoding very large byte strings...
MAL-2026-3205 Malicious code in doisomgcxog (PyPI)
Source: kam193 (78d6a043bbe150c65e0a3e7e56c69f1ff32171b70a684d512c87a2bfe0baf0b5). During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
Malicious code in doisomgcxog (PyPI)
Source: kam193 (78d6a043bbe150c65e0a3e7e56c69f1ff32171b70a684d512c87a2bfe0baf0b5). During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
Exploit for CVE-2026-31431
Copy Fail PoC English Python PoC for CVE-2026-31431,...
a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +267 more potentially affected by CVE-2026-40171 via jupyterlab (>=4.0.0 <=4.5.6)
jupyterlab PYPI version =4.0.0, =0.1.0, =0.1.0b0, =0.1.0b0, =0.1.0b0, =0.1.0, =0.5.5, =2.0.0, =0.1.1, =4.33.0, =0.6.4, =0.8.0, =1.0.1, =0.1.0, =0.5.0 and more Source cves: CVE-2026-40171 Source advisory: SNYK:PYTHON-JUPYTERLAB-16347194...
SUSE-SU-2026:1667-1 Security update for python-Pygments
This update for python-Pygments fixes the following issues: - CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS (bsc#1260796)...
Security update for python-Pygments
This update for python-Pygments fixes the following issues: CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS (bsc#1260796). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypp...
SUSE-SU-2026:1666-1 Security update for python-Pygments
This update for python-Pygments fixes the following issues: - CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS (bsc#1260796)...
CLSA-2026-1777568294 python2: Fix of CVE-2026-6100
CVE-2026-6100: defensively null bzs->next_in on the error path of BZ2Decomp_decompress to align with upstream; the UAF window does not exist in Python 2.7 (next_in is reassigned at function entry, lzma/gzip are not C extensions)...
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, OX Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2...
Exploit for CVE-2026-31431
CVE-2026-31431-...
5mghost-rover (>=0.0.1 <=0.0.3), a-mailx (=0.1.0) +1168 more potentially affected by CVE-2026-7246 via click (>=8.2.0 <=8.3.2)
click PYPI version =8.2.0, =0.0.1, =1.3.8, =1.0.32, =0.6.0, =1.0.1, =0.2.3, =0.4.0, =0.2.6, =0.1.1, =0.1.0, =0.1.0, =0.0.2, =0.0.3 and more Source cves: CVE-2026-7246 Source advisory: SNYK:PYTHON-CLICK-16347201...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the filename parameter passed to the edit_files function via click.edit. This function invokes a subprocess with shell=True that can be injected into by including double-quoted strings in a malicious filename. An attack...
ctf-scripts
CTF Scripts: A collection of automation scripts and exploit templates...
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEPDOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion chain begins with execution of a batc...
CLSA-2026-1777548230 python2: Fix of CVE-2026-6100
CVE-2026-6100: defensively null bzs->next_in on the error path of BZ2Decomp_decompress to align with upstream; the UAF window does not exist in Python 2.7 (next_in is reassigned at function entry, lzma/gzip are not C extensions)...
cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
A validation flaw has been discovered in the Python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and...
RHSA-2026:11722 Red Hat Security Advisory: python-urllib3 security update
Bulletin has no description...