Important: python-twisted

Issue Overview: The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasse...

openSUSE 16 Security Update : python-PyPDF2 (openSUSE-SU-2026:20794-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20794-1 advisory. Changes in python-PyPDF2: - CVE-2026-41312: Fixed issue where crafed PDF can lead to resources exhaustion bsc1262675 - CVE-2026-41314: Fixed a...

RHEL 9 : python-tornado (RHSA-2026:20810)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20810 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

ROS-20260526-73-0005

Vulnerability in python-relenv related to integer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260526-73-0009

Vulnerability in python-relenv related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260526-73-0010

Vulnerability in python-relenv related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260526-73-0001

A vulnerability in the email interpreter module of the Python programming language is related to improper code generation control. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service...

ROS-20260526-73-0006

Vulnerability in python-relenv related to improper dynamic memory cleanup. Exploitation of the vulnerability allows a remote attacker to bypass security restrictions and cause a denial of service by sending specially crafted smb2 packets...

RHEL 9 : python-tornado (RHSA-2026:20573)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20573 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

OPENSUSE-SU-2026:10861-1 python311-pytest-html-4.2.0-2.1 on GA media

These are all security issues fixed in the python311-pytest-html-4.2.0-2.1 package on the GA media of openSUSE Tumbleweed...

RHEL 10 : python-markdown (RHSA-2026:20677)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:20677 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic...

mistune 跨站脚本漏洞

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of Python format strings to insert id and text values into tags without proper HTML escapin...

Amazon Linux 2023 : python3.14-pip, python3.14-pip-wheel (ALAS2023-2026-1718)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1718 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as...

Malicious code in spip-pth-demo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb61035c28fe642903fac1b2776b2593c1611831ce5553e63ef8b09a77e414c9 The package installs a suspicious-demo.pth file into site-packages via setup.py's datafiles="", "suspicious-demo.pth". Python auto-processes.pth file...

MAL-2026-4770 Malicious code in spip-pth-demo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb61035c28fe642903fac1b2776b2593c1611831ce5553e63ef8b09a77e414c9 The package installs a suspicious-demo.pth file into site-packages via setup.py's datafiles="", "suspicious-demo.pth". Python auto-processes.pth file...

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...

SUSE-SU-2026:2055-1 Security update for python312

This update for python312 fixes the following issues - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-4786: Incomplete mitigation of %action expansion for command injection to webbrowser.open bsc1262319. - CVE-2026-6019: BaseCookie.jsoutput does not...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - React2shell A Python 2.7 exploit for CVE-2...

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor , spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22,...

MAL-2026-4291 Malicious code in pylogkt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa1c9e5bf0ffd994f076a4a76395b5bcccd2716229439910912bd49aaf52f903 The package masquerades as a logging utility but every call to its logging API log.info/debug/etc triggers Logger.log, which on macOS hosts paths...