Malicious code in timemcp-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2370fd05b77259c6177d02a019d357a9e7773539588345fe4a5582a9582a1aa3 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

MAL-2026-3141 Malicious code in coinmate-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8c8d1f75669f5e0386a83dad52d569b6711645921989cf520b3b15c59ec26424 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

tornado-python: Tornado: Denial of Service via large multipart bodies

A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...

angr 9.2.213

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

PT-2026-35976

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers can induce requests to the local AgentFlow API to...

OPENSUSE-SU-2026:10658-1 python311-pypdf-6.10.2-2.1 on GA media

These are all security issues fixed in the python311-pypdf-6.10.2-2.1 package on the GA media of openSUSE Tumbleweed...

AlmaLinux 8 : python3.11 (ALSA-2026:11062)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:11062 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

AlmaLinux 8 : python3.12 (ALSA-2026:10950)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:10950 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: python3 (UTSA-2026-015069)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015069 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with...

Linux Distros Unpatched Vulnerability : CVE-2026-42284

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, clone validates multioptions as the original list, then executes...

RockyLinux 8 : python3.11 (RLSA-2026:11062)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:11062 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

AlmaLinux 8 : python3 (ALSA-2026:11077)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:11077 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

Linux Distros Unpatched Vulnerability : CVE-2026-42215

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such ...

MAL-2026-3137 Malicious code in core-roblox-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 51e9fdba29b05ebf3bb0fb66dcf05dd021562b52449128a930f28ff073b4e1d7 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in core-roblox-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 51e9fdba29b05ebf3bb0fb66dcf05dd021562b52449128a930f28ff073b4e1d7 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in robase-start (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 827cc431e55560fd4944d6b7fa6c47e6adb5027a75fe949642630843b0c8702e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

CVE-2026-7319

CVE-2026-7319 affects elinsky execution-system-mcp 0.1.0. The vulnerability is in the function _get_context_file_path (src/execution_system_mcp/server.py, add_action Tool), where improper handling of the context argument enables path traversal. Attack can be initiated remotely; the exploit has be...

CVE-2026-7316 eiliyaabedini aider-mcp code_with_ai aider_mcp.py command injection

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...

CVE-2026-7316

CVE-2026-7316 affects the eiliyaabedini aider-mcp project (up to commit 667b914301aada695aab0e46d1fb3a7d5e32c8af), specifically the code_with_ai component and the aider_mcp.py file. The vulnerability arises from manipulation of the working_dir/editable_files argument, enabling a command injection...

USN-8198-2 python-tornado vulnerabilities

USN-8198-1 fixed vulnerabilities in Tornado. This update provides the corresponding updates for Ubuntu 26.04 LTS. Original advisory details: It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of...