57442 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-42266
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the...
Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1689)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1689 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python module names. These module imports were intentionally deferr...
OPENSUSE-SU-2026:10797-1 python311-python-multipart-0.0.28-1.1 on GA media
These are all security issues fixed in the python311-python-multipart-0.0.28-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE SLES15 Security Update : python39 (SUSE-SU-2026:1818-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1818-1 advisory. Security issues fixed: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: base6...
Fedora 43 : python-jupytext (2026-85b819b928)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-85b819b928 advisory. This update contains upgrades to various npm packages used during the build to address CVEs, namely: - CVE-2025-69873 ajv - CVE-2026-0540 DOMPurify ...
Jsonpickle Code Injection Vulnerability
Jsonpickle is a Python library, developed by its individual author, for serializing Python objects into JSON format. Version 2.0.0 of jsonpickle contains a code injection vulnerability. This vulnerability stems from deserialization issues, allowing attackers to execute...
Photon OS 5.0: Python3 PHSA-2026-5.0-0850
An update of the python3 package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0850. The text itself is copyright (C) VMware, Inc...
SUSE SLES15 Security Update : python-Pillow (SUSE-SU-2026:1842-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1842-1 advisory. This update for python-Pillow fixes the following issue: - CVE-2026-42310: infinite loop and resource exhaustion when processing specially crafted PDFs...
CVE-2026-45395
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the tool update endpoint POST /api/v1/tools/id/{id}/update is missing the workspace.tools permission check that is present on the tool create endpoint. This allows a user who has been...
EUVD-2026-30627
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the tool update endpoint POST /api/v1/tools/id/{id}/update is missing the workspace.tools permission check that is present on the tool create endpoint. This allows a user who has been...
GHSA-MQ5J-PW29-JCV3 Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`
Summary Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a local .tar.gz that is not recognized as a plugin-format bundle, APM probes whether it is a...
Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`
Summary Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a local .tar.gz that is not recognized as a plugin-format bundle, APM probes whether it is a...
brainfart (>=0.1.0 <=0.3.0), calibrate-agent (>=0.0.1 <=0.0.26) +47 more potentially affected by CVE-2026-44716 via pipecat-ai (>=0.0.90 <=1.1.0)
pipecat-ai PYPI version =0.0.90, =0.1.0, =0.0.1, =0.0.8, =0.1.0, =0.0.18, =0.0.2, =0.0.0, =1.0.0b3, =0.1.2, =0.0.1, =0.0.1, =0.0.4 and more Source cves: CVE-2026-44716 Source advisory: SNYK:PYTHON-PIPECATAI-16700145...
CVE-2026-46383
Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a...
CVE-2026-46383
Summary: CVE-2026-46383 affects Microsoft APM prior to 0.13.0, where the legacy-bundle probing during apm install on Windows can mishandle local .tar.gz archives. On Python 3.10/3.11, the probe may extract untrusted tar members with tar.extractall() without rejecting Windows absolute member name...
CVE-2026-46383 Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`
Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a...
OESA-2026-2305 python-click security update
Click is a Python package for creating beautiful command line interfaces in a composable way with as little code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with sensible defaults out of the box. Security Fixes: Pallets Click, versions 8.3.2 an...
OESA-2026-2302 python-click security update
Click is a Python package for creating beautiful command line interfaces in a composable way with as little code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with sensible defaults out of the box. Security Fixes: Pallets Click, versions 8.3.2 an...
OESA-2026-2300 python-urllib3 security update
HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(...),...
OESA-2026-2299 python-urllib3 security update
HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(...),...