Linux Distros Unpatched Vulnerability : CVE-2026-33936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdD...

OESA-2026-1775 python-pyasn1 security update

Abstract Syntax Notation One ASN.1 is a technology for exchanging structured data in a universally understood, hardware agnostic way. Many industrial, security and telephony applications heavily rely on ASN.1. The pyasn1 library implements ASN.1 support in pure-Python. Security Fixes: The pyasn1...

CLSA-2026-1774614606 python3: Fix of CVE-2025-15366

CVE-2025-15366: reject control characters in IMAP commands...

CLSA-2026-1774613805 python3: Fix of CVE-2025-15366

CVE-2025-15366: reject control characters in IMAP commands...

Langflow Detection

A Langflow Python library is installed on the remote host. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid303796; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2026/03/26"; scriptnameenglish:"Langflow Detection";...

SUSE-SU-2026:20933-1 Security update for python-ldap

This update for python-ldap fixes the following issues: - CVE-2025-61911: Enforce str for escapefilterchars bsc1251912. - CVE-2025-61912: Escape NULs as per RFC 4514 in escapednchars bsc1251913...

entity-model (>=1.0.0 <=1.0.9), fast-whisper-diarizer (>=0.1.2 <=0.1.32) +24 more potentially affected by CVE-2026-24157 via nemo-toolkit (>=2.0.0rc0 <=2.6.1)

nemo-toolkit PYPI version =2.0.0rc0, =1.0.0, =0.1.2, =0.2.7, =5.1.6, =1.0.0, =0.0.1, =0.0.1, =0.1.1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =5.0.7 and more Source cves: CVE-2026-24157 Source advisory: SNYK:PYTHON-NEMOTOOLKIT-15912166...

entity-model (>=1.0.0 <=1.0.9), fast-whisper-diarizer (>=0.1.2 <=0.1.32) +24 more potentially affected by CVE-2026-24159 via nemo-toolkit (>=2.0.0rc0 <=2.6.1)

nemo-toolkit PYPI version =2.0.0rc0, =1.0.0, =0.1.2, =0.2.7, =5.1.6, =1.0.0, =0.0.1, =0.0.1, =0.1.1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =5.0.7 and more Source cves: CVE-2026-24159 Source advisory: SNYK:PYTHON-NEMOTOOLKIT-15912093...

OPENSUSE-SU-2026:10416-1 python313-PyMuPDF-1.27.2.2-1.1 on GA media

These are all security issues fixed in the python313-PyMuPDF-1.27.2.2-1.1 package on the GA media of openSUSE Tumbleweed...

ai-box-lib (>=0.1.0 <=0.1.9), aligned-py (>=0.1.0 <=0.2.0a0) +80 more potentially affected by CVE-2026-26209 via cbor2 (>=5.0.1 <=5.8.0)

cbor2 PYPI version =5.0.1, =0.1.0, =0.1.0, =0.13.0, =0.5.5.post5, =0.5.5.post4, =0.2.0, =0.10.6, =0.7.1a0, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-26209 Source advisory: SNYK:PYTHON-CBOR2-15762225...

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

SUSE CVE-2026-33123

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

BIT-PYTHON-MIN-2026-3479 pkgutil.get_data() does not enforce documented restrictions

pkgutil.getdata did not validate the resource argument as documented, allowing path traversals...

CVE-2026-32889

tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...

OPENSUSE-SU-2026:10397-1 python311-PyJWT-2.12.1-1.1 on GA media

These are all security issues fixed in the python311-PyJWT-2.12.1-1.1 package on the GA media of openSUSE Tumbleweed...

01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +939 more potentially affected by CVE-2026-33231 via nltk (>=2.0.4 <=3.9.3)

nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-33231 Source advisory: SNYK:PYTHON-NLTK-15692504...

cpython: POP3 command injection in user-controlled commands

A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server...

CVE-2026-32640

A flaw was found in the Python library, SimpleEval. A remote attacker could exploit this vulnerability by providing specially crafted input that allows dangerous modules or functions to be accessed outside of the intended sandbox environment. This could lead to arbitrary code execution within the...

EulerOS Virtualization 2.12.1 : python-ldap (EulerOS-SA-2026-1456)

According to the versions of the python-ldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitizatio...