29 matches found
[SECURITY] [DLA 4543-1] simpleeval security update
Debian LTS Advisory DLA-4543-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón April 21, 2026 https://wiki.debian.org/LTS Package : simpleeval Version : 0.9.10-1+deb11u1 CVE ID : CVE-2026-32640 Debian Bug : 1130875 Byambadalai Sumiya discovered that...
[SECURITY] [DSA 6220-1] simpleeval security update
Debian Security Advisory DSA-6220-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 20, 2026 https://www.debian.org/security/faq -...
Debian dsa-6220 : python3-simpleeval - security update
The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6220 advisory. Debian Security Advisory DSA-6220-1 [email protected] https://www.debian.org/security/...
CVE-2021-32640
creationtimestamp| type| source
---|---|---
2026-04-07 15:02:10+00:00| seen| https://t.me/codebysec/9952...
Security update for python-simpleeval (important)
openSUSE security update: security update for python-simpleeval Announcement ID: openSUSE-SU-2026:20393-1 Rating: important References: bsc1259685 Cross-References: CVE-2026-32640 Affected Products: openSUSE Leap 16.0...
Security update for python-simpleeval (important)
openSUSE Security Update: Security update for python-simpleeval Announcement ID: openSUSE-SU-2026:0086-1 Rating: important References: 1259685 Cross-References: CVE-2026-32640 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: Th...
SUSE CVE-2026-32640
SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...
CVE-2026-32640
creationtimestamp| type| source
---|---|---
2026-03-14 02:40:05+00:00| seen| https://gist.github.com/alon710/1291af57a3f24c084d79b6036abb3239
2026-03-18 23:07:16+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhem3o7bmm2x
2026-04-20 23:45:30+00:00| seen|...
Linux Distros Unpatched Vulnerability : CVE-2026-32640
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to...
akurdyukov-tap-clickhouse (=0.0.1), asdjgasdghasdhjgasghd (=1.0.7) +81 more potentially affected by CVE-2026-32640 via simpleeval (>=0.9.1 <=1.0.4)
simpleeval PYPI version =0.9.1, =0.1.4, =0.1.0, =1.0.6, =0.0.5, =1.1.0, =0.1.3, =0.1.0, =0.3.0b1, =0.2.0, =0.1.0, =1.0.8 and more Source cves: CVE-2026-32640 Source advisory: OSV:GHSA-44VG-5WV2-H2HG...
evennia (>=1.0.0 <=6.0.0), fastapi-casbin-auth (>=1.3.0 <=1.5.0) +6 more potentially affected by CVE-2026-32640 via simpleeval (>=1.0.0 <=1.0.4)
simpleeval PYPI version =1.0.0, =1.0.0, =1.3.0, =2.8.0, =3.2.0, =1.0.0, =0.53.6, =0.54.0a10 Source cves: CVE-2026-32640 Source advisory: SNYK:PYTHON-SIMPLEEVAL-15610288...
CVE-2024-32640 MasaCMS SQL Injection vulnerability
MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.5, 7.3.12, and 7.2.7 contain a SQL injection vulnerability in the processAsyncObject method that can result in remote code execution. Versions 7.4.5, 7.3.12, and 7.2.7 contain a fix for th...
CVE-2022-32640
In meta wifi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441652; Issue ID: ALPS07441652...
CVE-2025-32640 WordPress One Click Accessibility plugin <= 3.1.0 - Cross-Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elementor One Click Accessibility allows Stored XSS. This issue affects One Click Accessibility: from n/a through 3.1.0...
CVE-2025-32640 WordPress One Click Accessibility plugin <= 3.1.0 - Cross-Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elementor Ally pojo-accessibility allows Stored XSS. This issue affects Ally: from n/a through <= 3.1.0...
CVE-2025-32640
CVE-2025-32640 is a stored XSS in the WordPress plugin Ally – Web Accessibility & Usability (One Click Accessibility). The issue affects the One Click Accessibility component up to version 3.1.0 and requires authenticated access (Administrator+) to exploit. The connected Wordfence disclosure list...
WordPress One Click Accessibility plugin <= 3.1.0 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability discovered by Ayato Shitomi @ Fore-Z co.ltd in WordPress Plugin Ally versions <= 3.1.0...
Exploit for CVE-2024-32640
CVE-2024-32640 MySQL Blind SQL Injection Proof of Concept Thi...
Exploit for CVE-2024-32640
And exploited SQL injection vulnerabilities in Mura/Masa C...