118 matches found

Tenable Nessus
added 2026/05/20 12:0 a.m. | 5 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: resource-agents (UTSA-2026-021503)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021503 advisory. pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion whe...

7.5 CVSS | 6.8 AI score | 0.00032 EPSS
Exploits: 1 | References: 4
RedhatCVE
added 2026/05/04 8:21 p.m. | 4 views

CVE-2026-5140

Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass. This issue affects Pardus Update: from 0.6.3 before 0.6.4...

8.8 CVSS | 5.8 AI score | 0.00051 EPSS
Exploits: 0 | References: 1
IBM Security Bulletins
added 2026/05/01 2:49 p.m. | 4 views

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses pyasn1-0.6.2-py3-none-any.whl which is vulnerable to this CVE-2026-30922

Summary: IBM Maximo Application Suite - Predict Component was using vulnerable library pyasn1-0.6.2-py3-none-any.whl which is vulnerable to CVE-2026-30922. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2026-30922. DESCRIPTION: pyasn1 is a generic...

7.5 CVSS | 6.9 AI score | 0.00027 EPSS
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2026/04/07 4:17 p.m. | 4 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service (CVE-2026-30922)

Summary: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Python module pyasn1 (CVE-2026-30922). Vulnerability Details...

7.5 CVSS | 6.6 AI score | 0.00027 EPSS
Exploits: 1 | Affected Software: 1
RedhatCVE
added 2026/04/01 5:4 p.m. | 3 views

CVE-2026-34231

Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting (XSS) vulnerability exists in the {% attrs %} template tag of the slippers Django package. When a context variable containing untrusted data is passed to {% attrs %}, the value is interpolated into an HTML...

6.1 CVSS | 5.9 AI score | 0.00045 EPSS
Exploits: 1 | References: 1
Amazon
added 2026/04/01 12:0 a.m. | 5 views

Medium: python-pyasn1

Issue Overview: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands o...

7.5 CVSS | 6.8 AI score | 0.00032 EPSS
Exploits: 1
Tenable Nessus
added 2026/04/01 12:0 a.m. | 3 views

Amazon Linux 2 : python-pyasn1, --advisory ALAS2-2026-3215 (ALAS-2026-3215)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3215 advisory. pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply neste...

7.5 CVSS | 6.9 AI score | 0.00032 EPSS
Exploits: 1 | References: 4
NVD
added 2026/03/31 4:16 p.m. | 1 view

CVE-2026-34231

Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting (XSS) vulnerability exists in the {% attrs %} template tag of the slippers Django package. When a context variable containing untrusted data is passed to {% attrs %}, the value is interpolated into an HTML...

6.1 CVSS | 0.00045 EPSS
Exploits: 1 | References: 3
Vulnrichment
added 2026/03/31 3:33 p.m. | 1 view

CVE-2026-34231 Slippers: Cross-Site Scripting (XSS) in `attrs` Template Tag

Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting (XSS) vulnerability exists in the {% attrs %} template tag of the slippers Django package. When a context variable containing untrusted data is passed to {% attrs %}, the value is interpolated into an HTML...

6.1 CVSS | 5.9 AI score | 0.00045 EPSS
Exploits: 1 | References: 3
CVE
added 2026/03/31 3:33 p.m. | 10 views

CVE-2026-34231

The CVE-2026-34231 entry is connected to a real advisory: GHSA-w7rv-gfp4-j9j3 describes an XSS in the Django package slippers, specifically in the {% attrs %} template tag. Root cause: AttrsNode renders without auto-escaping, and the custom Node.render path does not apply escaping, causing untrus...

6.1 CVSS | 5.9 AI score | 0.00045 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2026/03/31 3:33 p.m. | 22 views

CVE-2026-34231 Slippers: Cross-Site Scripting (XSS) in `attrs` Template Tag

Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting (XSS) vulnerability exists in the {% attrs %} template tag of the slippers Django package. When a context variable containing untrusted data is passed to {% attrs %}, the value is interpolated into an HTML...

6.1 CVSS | 0.00045 EPSS
Exploits: 1 | References: 3
OSV
added 2026/03/31 3:33 p.m. | 4 views

CVE-2026-34231 Slippers: Cross-Site Scripting (XSS) in `attrs` Template Tag

Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting (XSS) vulnerability exists in the {% attrs %} template tag of the slippers Django package. When a context variable containing untrusted data is passed to {% attrs %}, the value is interpolated into an HTML...

6.1 CVSS | 5.9 AI score | 0.00045 EPSS
Exploits: 1 | References: 5
ATTACKERKB
added 2026/03/31 3:33 p.m. | 1 view

CVE-2026-34231

Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting (XSS) vulnerability exists in the {% attrs %} template tag of the slippers Django package. When a context variable containing untrusted data is passed to {% attrs %}, the value is interpolated into an HTML...

6.1 CVSS | 5.9 AI score | 0.00045 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
CNNVD
added 2026/03/31 12:0 a.m. | 4 views

slippers Cross-Site Scripting Vulnerability

Slippers is a Django template language enhancement tool developed by Mitchel Cabuloy. Versions of Slippers prior to 0.6.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from template tags that did not escape context variables, which could lead to cross-site scripting...

6.1 CVSS | 5.6 AI score | 0.00045 EPSS
Exploits: 1 | References: 3
OSV
added 2026/03/19 12:0 a.m. | 2 views

OPENSUSE-SU-2026:10393-1 python311-pyasn1-0.6.3-1.1 on GA media

These are all security issues fixed in the python311-pyasn1-0.6.3-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS | 5.8 AI score | 0.00027 EPSS
Exploits: 1 | References: 1
CVE
added 2026/03/18 2:29 a.m. | 43 views

CVE-2026-30922

CVE-2026-30922 affects the Python pyasn1 library. Prior to version 0.6.3, parsing deeply nested ASN.1 data with thousands of nested SEQUENCE/SET tags and Indefinite Length markers can trigger uncontrolled recursion, causing a RecursionError or exhausting memory (OOM) and crashing the host applica...

7.5 CVSS | 7.1 AI score | 0.00027 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Tenable Nessus
added 2026/03/18 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-30922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursio...

7.5 CVSS | 6.8 AI score | 0.00032 EPSS
Exploits: 1 | References: 2
CNNVD
added 2026/03/18 12:0 a.m. | 3 views

pyasn1 Security Vulnerability

pyasn1 is a Python library developed by the pyasn1 maintenance organization. Versions of pyasn1 prior to 0.6.3 contained security vulnerabilities. These vulnerabilities stemmed from uncontrolled recursion during the decoding of ASN.1 data with deeply nested structures, which could lead to...

7.5 CVSS | 6.8 AI score | 0.00027 EPSS
Exploits: 1 | References: 3
Snyk
added 2026/02/09 8:53 p.m. | 2 views

Server-side Request Forgery (SSRF)

Overview: langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to the improper validation of apiurl and apikey fields in baggage headers in RunTree.fromheaders and...

7.5 CVSS | 5.9 AI score | 0.00014 EPSS
Exploits: 0 | References: 2
OSV
added 2026/02/09 8:8 p.m. | 1 view

CVE-2026-25528 LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to...

5.8 CVSS | 6 AI score | 0.00014 EPSS
Exploits: 0 | References: 3