CVE-2026-57264
GeoWebPlayer’s Websocket Server (used by GV-VMS/GV-Cloud) exposes a command interface where many commands accept an index that is not consistently validated. The Talos and CVE records describe multiple CVEs (e.g., CVE-2026-57264) across several commands (connectInfo, setStream, setPIP, audio, sna...
SUSE SLED15 / SLES15 Security Update : python-pip (SUSE-SU-2026:2634-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2634-1 advisory. This update for python-pip fixes the following issues - CVE-2026-3219: pip doesn't reject concatenated ZIP...
SUSE-SU-2026:2634-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2026-3219: pip doesn't reject concatenated ZIP (bsc#1262429). - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation (bsc#1263442). - CVE-2026-8643: path traversal via malicious entry point...
CVE-2025-71344
picklescan before 0.0.30 (affected versions 0.0.26 and earlier) fails to detect the ensurepip._run_pip built-in function when scanning pickle files, allowing attackers to execute arbitrary code. Malicious pickle files embedding ensurepip._run_pip calls in __reduce__ methods bypass picklescan detection and...
CVE-2025-71344
CVE-2025-71344 affects picklescan prior to 0.0.30 (vulnerable: 0.0.26 and earlier). Malicious pickle files that embed ensurepip._run_pip calls in __reduce__ can bypass detection and enable remote code execution when pickle.load() is used. No exploitation details are provided beyond this description.
Amazon Linux 2023 : python3.14-pip, python3.14-pip-wheel (ALAS2023-2026-1838)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1838 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1839)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1839 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1840)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1840 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3358 (ALAS-2026-3358)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3358 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1841)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1841 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1837)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1837 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
Astra Linux – Vulnerability in python-pip
When extracting a tar archive, pip may not check symbolic links pointing into the extraction directory if the tarfile module does not implement PEP 706. Note that upgrading pip to a “fixed” version does not fix all vulnerabilities that are mitigated by using a Python version that implements PEP...
Astra Linux – Vulnerability in python-pip
A flaw was discovered in python-pip regarding its handling of Unicode separators in git references. A remote attacker could potentially exploit this issue to install a different revision in a repository. The greatest threat posed by this vulnerability is to data integrity. This issue has been fix...
Astra Linux – Vulnerability in python-pip
When installing a package from a Mercurial VCS URL e.g., “pip install hg+…” using pip before version 23.3, the specified Mercurial revision could be used to inject arbitrary configuration options into the “hg clone” call e.g., “--config”. Controlling the Mercurial configuration allows modifying t...
Astra Linux – Vulnerability in python-pip
The pip package before version 19.2 for Python allows Directory Traversal when a URL is provided in an install command. This is possible because the Content-Disposition header can contain "../" in the filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This behavior occurs...
Critical Photon OS Security Update - PHSA-2026-4.0-1038
Updates of 'coredns', 'redis', 'erlang', 'rsync', 'python3-pip' packages of Photon OS have been released...
ROOT-APP-PYPI-CVE-2026-3219 CVE-2026-3219 in rootio-pip - Patched by Root
Root has patched CVE-2026-3219 in the rootio-pip package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-6357 CVE-2026-6357 in rootio-pip - Patched by Root
Root has patched CVE-2026-6357 in the rootio-pip package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-5752 CVE-2023-5752 in rootio-pip - Patched by Root
Root has patched CVE-2023-5752 in the rootio-pip package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-8869 CVE-2025-8869 in rootio-pip - Patched by Root
Root has patched CVE-2025-8869 in the rootio-pip package for Root:PyPI. Multiple fixed versions available...