
53190 matches found

RedHat Linux
added 2026/04/27 3:0 p.m. | 1 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

CVSS 9.1 | AI score 6 | EPSS 0.00137
Exploits: 0 | References: 10
CVE
added 2026/04/27 2:19 p.m. | 22 views

CVE-2026-6357

CVE-2026-6357 affects pip prior to 26.1, where a self-update check would run after wheel installation and could import recently installed Python modules. The root cause is that imports of certain well-known module names were deferred to speed up CLI startup, allowing a wheel install to trigger im...

CVSS 5.3 | AI score 5.3 | EPSS 0.00017
Exploits: 0 | References: 3
EUVD
added 2026/04/27 2:19 p.m. | 3 views

EUVD-2026-25857

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python module names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

CVSS 5.3 | AI score 5.3 | EPSS 0.00017
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/27 2:19 p.m. | 3 views

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python module names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

CVSS 5.3 | AI score 5.3 | EPSS 0.00017
Exploits: 0 | References: 2
RedHat Linux
added 2026/04/27 1:54 p.m. | 2 views

crypto/x509: Incorrect enforcement of email constraints in crypto/x509

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...

CVSS 7.5 | AI score 7.7 | EPSS 0.00016
Exploits: 0 | References: 8
OSV
added 2026/04/27 12:28 p.m. | 2 views

USN-8210-1 nginx vulnerabilities

It was discovered that the nginx ngx_mail_auth_http_module module incorrectly handled certain requests. An attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. (CVE-2026-27651) It was discovered that the nginx ngx_http_dav_module module incorrectly handled...

CVSS 8.8 | AI score 9 | EPSS 0.00064
Exploits: 0 | References: 7
RedhatCVE
added 2026/04/27 10:18 a.m. | 1 views

CVE-2026-31683

A flaw was found in the batman-adv module of the Linux kernel. This vulnerability arises when the Optimized Global Messaging (OGM) aggregation state is dynamically altered, leading to insufficient buffer space (skb tailroom) for network packets. A remote attacker could exploit this condition by sendi...

CVSS 7.8 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 4
vulnersOsv
added 2026/04/27 9:34 a.m. | 2 views

org.apache.camel.karaf:camel-pqc (>=4.14.5 <=4.18.1), org.apache.camel.quarkus:camel-quarkus-pqc (>=3.24.0 <=3.33.0) +2 more potentially affected by CVE-2026-40048 via org.apache.camel:camel-pqc (>=4.12.0 <=4.18.1)

org.apache.camel:camel-pqc MAVEN version =4.12.0, =4.14.5, =3.24.0, =3.24.0, =4.12.0, =4.18.1 Source cves: CVE-2026-40048 Source advisory: OSV:GHSA-V3VG-332R-MW99...

CVSS 7.8 | AI score 5.8 | EPSS 0.00027
Exploits: 0
GithubExploit
added 2026/04/27 1:0 a.m. | 79 views

Exploit for CVE-2026-0911

CVE-2026-0911 — Hustle module import PoC WordPress plugin...

CVSS 7.5 | AI score 5.3 | EPSS 0.00122
Exploits: 1
Cvelist
added 2026/04/27 12:0 a.m. | 23 views

CVE-2026-30462

A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal...

EPSS 0.00078
Exploits: 0 | References: 4
Vulnrichment
added 2026/04/27 12:0 a.m. | 2 views

CVE-2026-30462

A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal...

AI score 5.4 | EPSS 0.00078
Exploits: 0 | References: 4
EUVD
added 2026/04/27 12:0 a.m. | 2 views

EUVD-2026-25881

A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal...

CVSS 4.3 | AI score 5.4 | EPSS 0.00078
Exploits: 0 | References: 4
AlmaLinux
added 2026/04/27 12:0 a.m. | 4 views

Important: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 9.1 | AI score 6 | EPSS 0.00137
Exploits: 0 | References: 6
Positive Technologies
added 2026/04/27 12:0 a.m. | 2 views

PT-2026-35528

Name of the Vulnerable Software and Affected Versions: CPython (affected versions not specified). Description: On Windows, the shutil.unpack_archive function fails to properly check for absolute paths within ZIP archives. If an archive contains a path with a drive letter (e.g., C:), files may be extract...

CVSS 7.5 | AI score 5.4 | EPSS 0.0015
Exploits: 1 | References: 24
Positive Technologies
added 2026/04/27 12:0 a.m. | 2 views

PT-2026-35435

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python module names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

CVSS 5.3 | AI score 5.3 | EPSS 0.00017
Exploits: 0 | References: 6
CVE
added 2026/04/27 12:0 a.m. | 5 views

CVE-2026-30462

This CVE covers a path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2. Connected sources consistently identify the issue as a directory traversal risk within the Blocks component, affecting FuelCMS’s Blocks controller (e.g., Blocks.php). No concrete exploitation d...

CVSS 4.3 | AI score 5.5 | EPSS 0.00078
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/27 12:0 a.m. | 2 views

PT-2026-35493

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A deadlock condition exists in the GPIO OMAP driver. The omap_mpuio driver was being registered within the omap_gpio_probe function. Because the driver core prohibits registering drivers...

CVSS 5.5 | AI score 5.5 | EPSS 0.00017
Exploits: 0 | References: 24
CNNVD
added 2026/04/27 12:0 a.m. | 4 views

FUEL CMS path traversal vulnerability

FUEL CMS is a content management system (CMS) developed by David McReynolds using the CodeIgniter framework. Version 1.5.2 of FUEL CMS contains a path traversal vulnerability, which stems from path traversal in the Blocks module and could lead to directory traversal attacks...

CVSS 4.3 | AI score 5.8 | EPSS 0.00078
Exploits: 0 | References: 1
Packet Storm
added 2026/04/27 12:0 a.m. | 56 views

📄 Windows Cloud Files Tiering Engine Local Privilege Escalation

This Metasploit local exploit module models a Windows privilege escalation scenario involving Cloud Files, NTFS reparse points, named pipes, and service interaction. The workflow simulates abusing file system operations and cloud sync mechanisms by creating controlled directories, placeholder file...

AI score 5.3
Exploits: 0
Positive Technologies
added 2026/04/27 12:0 a.m. | 1 views

PT-2026-35455

A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal...

CVSS 4.3 | AI score 5.4 | EPSS 0.00078
Exploits: 0 | References: 5