PT-2026-23609

Name of the Vulnerable Software and Affected Versions mcp-memory-service versions prior to 10.21.0 Description The /api/health/detailed endpoint in mcp-memory-service exposes sensitive system information, including OS version, Python version, CPU count, memory details, disk usage, and the full...

python313-Django6-6.0.3-1.1 on GA media (moderate)

python313-Django6-6.0.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10283-1 Rating: moderate Cross-References: CVE-2026-25674 CVSS scores: CVE-2026-25674 SUSE : 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2026-25674 SUSE : 6.3...

Unity Linux 20.1050a Security Update: python-pip (UTSA-2026-005680)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005680 advisory. When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgradi...

Fedora 43 : 389-ds-base / python3-docs / python3.14 (2026-27ce708600)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-27ce708600 advisory. - New minor version of the Python interpreter, bringing also security fixes. - 389-ds-base: Fix system index configuration issues - 389-ds-base: Fix...

[SECURITY] Fedora 42 Update: python3.9-3.9.25-6.fc42

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

CVE-2026-28414 Gradio has Absolute Path Traversal on Windows with Python 3.13+

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...

SUSE-SU-2026:0642-1 Security update for python313

This update for python313 fixes the following issues: Update to Python 3.13.12 - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel. bsc1257031 - CVE-2026-0865: Fixed a bug where a user-controlled header containing newlines...

[SECURITY] Fedora 42 Update: uv-0.10.2-1.fc42

An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...

Arkanix Stealer: a C++ & Python infostealer

Introduction In October 2025, we discovered a series of forum posts advertising a previously unknown stealer, dubbed "Arkanix Stealer" by its authors. It operated under a MaaS malware-as-a-service model, providing users not only with the implant but also with access to a control panel featuring...

python313-3.13.12-1.1 on GA media (moderate)

python313-3.13.12-1.1 on GA media Announcement ID: openSUSE-SU-2026:10223-1 Rating: moderate Cross-References: CVE-2025-11468 CVE-2025-15282 CVE-2026-0672 CVE-2026-0865 CVE-2026-1299 CVSS scores: CVE-2025-11468 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2025-11468 SUSE : 7.1...

aiohttp: AIOHTTP HTTP Request/Response Smuggling

A request smuggling flaw was found in the aiohttp python library. If a pure Python version of aiohttp is installed, without the usual C extensions, for example, or if AIOHTTPNOEXTENSIONS is enabled, an attacker can execute a request smuggling attack to bypass certain firewalls or proxy protection...

MiracleLinux 8 : python3.12-3.12.12-2.el8_10 (AXSA:2026-167:07)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-167:07 advisory. cpython: Excessive read buffering DoS in http.client CVE-2025-13836 Tenable has extracted the preceding description block directly from the MiracleLinux...

RHSA-2026:1704 Red Hat Security Advisory: python3.11-urllib3 security update

Bulletin has no description...

RLSA-2026:1088 Important: python3.12-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

python3.12 security update

An update is available for python3.12. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...

RLSA-2026:1226 Important: python3.12-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

[SECURITY] Fedora 42 Update: python3.6-3.6.15-52.fc42

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

RHSA-2026:2084 Red Hat Security Advisory: python3.11 security update

Bulletin has no description...

Important: python3.12-wheel security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

AZL-76499 CVE-2026-1703 affecting package python3 3.9.19-19

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...