MAL-2026-443 Malicious code in 1q847 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fe398aee3ca61989d1610e4b2edae183ef70d5fabc08709875ca9ef8725d82c5 Package contains two DLL libraries, one of them packed. Both are widely recognized as malware. The exact behavior is not known --- Category: MALICIOUS - The...

EUVD-2026-3706

Malicious code in xadauiom PyPI...

Malicious code in xadauiom (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 64051fbf2528075ff707f512002bce043db1a535723bd677e6fcde0f53f7cafa Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-442 Malicious code in xadauiom (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 64051fbf2528075ff707f512002bce043db1a535723bd677e6fcde0f53f7cafa Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-440 Malicious code in anduril-lattice-sdk-grpc-python (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1baa043d99a594c81f1a153d2da1d69bc4a2e67181cdf491c2f06f65120089aa Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

EUVD-2026-3708

Malicious code in spellcheckpy PyPI...

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0 Vulnerability Details CVEID:CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions...

EUVD-2026-3716

Malicious code in coolpackage2323 PyPI...

OPENSUSE-SU-2026:10077-1 python311-jaraco.context-6.1.0-1.1 on GA media

These are all security issues fixed in the python311-jaraco.context-6.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

AZL-75026 CVE-2026-0672 affecting package python3 for versions less than 3.12.9-8

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

CVE-2025-56005

An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...

EUVD-2026-3496

Malicious code in spellcheckerpy PyPI...

MiracleLinux 9 : python3.9-3.9.14-1.el9.1 (AXSA:2022-4506:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4506:01 advisory. python: local privilege escalation via the multiprocessing forkserver start method CVE-2022-42919 Tenable has extracted the preceding description block...

CVE-2025-56005

CVE-2025-56005 affects PLY 3.11 (PyPI) and is triggered via the picklefile parameter in yacc(), which deserializes a .pkl with pickle.load() without validation. The underlying cause is unsafe deserialization, enabling remote code execution as described in multiple sources; this is not limited to ...

MiracleLinux 9 : python3.9-3.9.16-1.el9.2 (AXSA:2023-6477:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6477:04 advisory. python: TLS handshake bypass CVE-2023-40217 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...

MiracleLinux 8 : python3-3.6.8-69.el8_10.ML.1 (AXSA:2024-9057:07)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9057:07 advisory. python: Virtual environment venv activation scripts don't quote paths CVE-2024-9287 python: Improper validation of IPv6 and IPvFuture addresses...

MiracleLinux 8 : python3.12-3.12.3-2.el8_10 (AXSA:2024-8530:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8530:01 advisory. python: The zipfile module is vulnerable to zip-bombs leading to denial of service CVE-2024-0450 Tenable has extracted the preceding description block direct...

MiracleLinux 8 : python3.11-3.11.2-2.el8.1 (AXSA:2023-6179:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6179:02 advisory. python: urllib.parse url blocklisting bypass CVE-2023-24329 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : python3.11-pip-22.3.1-4.el8 (AXSA:2023-7138:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7138:02 advisory. python: tarfile module directory traversal CVE-2007-4559 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : python3-3.6.8-56.el8_9.2.ML.1 (AXSA:2024-7423:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7423:01 advisory. python: use after free in heappushpop of heapq module CVE-2022-48560 python: DoS when processing malformed Apple Property List files in binary forma...