634 matches found
CVE-2026-3276 vulnerabilities
Vulnerabilities for packages: python...
CVE-2026-45830
A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...
DEBIAN-CVE-2026-10142
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...
UBUNTU-CVE-2026-10142
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...
python-vuln-scanner
Python Vulnerability Scanner !Pythonhttps://img.shields.io...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...
RHEL 6 : python (RHSA-2026:22144)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22144 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...
Security Bulletin: IBM watsonx.ai on Cloud Pak for Data is vulnerable to python-Python-3.12.0b4 (Publicly disclosed vulnerability found by Mend) due to python pip package ( CVE-2023-5752, PRISMA-2022-0168)
Summary IBM watsonx.ai on Cloud Pak for Data internally uses CVE-2023-5752 Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...
Security Bulletin: Multiple vulnerabilities found in CICS Transaction Gateway for Multiplatforms.
Summary CICS Transaction Gateway for Multiplatforms has been updated in order to address multiple vulnerabilities CVE-2025-15281, CVE-2026-0915, CVE-2025-15366, CVE-2025-15367, CVE-2026-0865, CVE-2026-1299, CVE-2025-14831, CVE-2025-9820, CVE-2025-69419, WS-2026-0003, GHSA-72hv-8253-57qq...
Astra Linux - уязвимость в python3.11, python3.7
A issue was discovered in the CPython tempfile.TemporaryDirectory class, affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, 3.8.18, and earlier versions. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means that users who can...
Astra Linux - уязвимость в python2.7
In Python 3.x through 3.9.1, there is a buffer overflow issue in the PyCArgrepr function within ctypes/callproc.c. This issue may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input. This was demonstrated by the use of the argument...
Astra Linux - уязвимость в python2.7, pypy
In Python versions 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an HTTP server can perform Regular Expression Denial of Service ReDoS attacks against clients due to the use of urllib.request.AbstractBasicAuthHandler, which allows catastrophi...
Astra Linux - уязвимость в python3.11, python2.7, python3.7
The ‘zipfile’ module does not check the validity of the offset value specified in the ZIP64 End of Central Directory EOCD Locator record. Instead, the ZIP64 EOCD record is assumed to be the previous record in the ZIP archive. This behavior can be exploited to create ZIP archives that are processe...
Astra Linux - уязвимость в python3.7
The lib/zipfile.py module in Python, as of version 3.7.2, allows remote attackers to cause a denial of service resource consumption through a ZIP bomb attack...
Astra Linux – Vulnerability in Python 3.7, Python 2.7
A issue was discovered in Python before version 3.11.1. An unnecessary quadratic algorithm exists in one path when processing certain inputs to the IDNA RFC 3490 decoder. This could lead to a CPU denial of service if a maliciously crafted, unreasonably long hostname was provided to the decoder...
Astra Linux - уязвимость в pypy
Python versions 2.7.x through 2.7.16, and 3.x through 3.7.2 are affected by improper handling of Unicode encoding with an incorrect netloc during NFKC normalization. The impact is information disclosure—credentials, cookies, etc., that are cached against a given hostname. The affected components...
RHEL 7 : python (RHSA-2026:19589)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19589 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...
python: Python: HTTP header injection via CR/LF in proxy tunnel headers
A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...
RHEL 9 : python3.11 (RHSA-2026:18957)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18957 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...