13250 matches found
SUSE CVE-2026-40347
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary...
CVE-2026-6550
The vulnerability CVE-2026-6550 affects the AWS Encryption SDK for Python in its caching layer. A cryptographic downgrade in the key cache could allow an authenticated local actor to bypass key commitment policy enforcement, enabling ciphertext to be decrypted into multiple possible plaintexts. A...
Malicious code in pathjoin (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a94ee2403006fa62b8cfd3e6ac5a3ae32f316ab9b32fd0dc47fefdca52cf5899 During import, the code downloads and executes encrypted payload from remote location. During analysis, remote code was prepared to download the next stage...
MAL-2026-2949 Malicious code in pathjoin (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a94ee2403006fa62b8cfd3e6ac5a3ae32f316ab9b32fd0dc47fefdca52cf5899 During import, the code downloads and executes encrypted payload from remote location. During analysis, remote code was prepared to download the next stage...
Malicious code in leavemealone (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5628eb1d01e8eb7de8a582cd9ea85dff68eafde06f4e1164ae92842354db0bf7 During building the package, it executes encrypted code. The content is unclear as the decryption key bases on the local environment variable. Given leaving a...
MAL-2026-2948 Malicious code in leavemealone (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5628eb1d01e8eb7de8a582cd9ea85dff68eafde06f4e1164ae92842354db0bf7 During building the package, it executes encrypted code. The content is unclear as the decryption key bases on the local environment variable. Given leaving a...
pip 安全漏洞
pip is a Python package installer developed by the Python Packaging Authority. There is a security vulnerability in pip, which stems from treating connected tar and ZIP files as ZIP files. This vulnerability may lead to confusing installation behaviors...
MAL-2026-2863 Malicious code in rblx-studio-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0984290664d514183109c836bea6a2bda03e33f89563accc6c79a51e281688f8 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +161 more potentially affected by CVE-2026-30912 via apache-airflow (>=1.8.2 <=3.1.8)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =1.6.0 and more Source cves: CVE-2026-30912 Source advisory: OSV:PYSEC-2026-18...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +161 more potentially affected by CVE-2026-25917 via apache-airflow (>=1.8.2 <=3.1.8)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =1.6.0 and more Source cves: CVE-2026-25917 Source advisory: OSV:PYSEC-2026-13...
Malicious code in shan-lib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f30fc6910fe03c53a74048a95f90fcd38db1b5317f3a3401ceb1bb9ea24fc704 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2847 Malicious code in shan-lib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f30fc6910fe03c53a74048a95f90fcd38db1b5317f3a3401ceb1bb9ea24fc704 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in shelipp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c745f1c7897e6075520af7c8d838b496c8af8814810ba86dafd64d09b3d24b97 Starting the module activates a hardcoded telegram bot allowing remote code execution, data exfiltration, collecting webcam photos, clipboard data, etc. ---...
Malicious code in sher-net (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f87dc8302df47889be1acee83b535b423d7f04e597ed61cca62dc2727f4d5d46 Starting the module activates a hardcoded telegram bot allowing remote code execution, data exfiltration, collecting webcam photos, clipboard data, etc. ---...
Malicious code in procoder (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f2e6ce1118208c6647ef6e3c175235b92ee242cf0cc068281c4ae630da662c7b Package exploits dependency confusion. A beacon request is used to report usage back, but no additional information are exfiltrated. --- Category:...
MAL-2026-2835 Malicious code in procoder (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f2e6ce1118208c6647ef6e3c175235b92ee242cf0cc068281c4ae630da662c7b Package exploits dependency confusion. A beacon request is used to report usage back, but no additional information are exfiltrated. --- Category:...
Malicious code in keystackutilities (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4b76e011fdc2ff62186e932ab958f9daf671bcc8e727dcaed74441489b229468 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2834 Malicious code in loadcoremwassistant (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 20499474b0d0eb5a02bdd34aba8dbd438993b87506fb7a9bd88a62a729736221 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
ROS-20260417-73-0013
A vulnerability in the commonprefix function of the pip module of the Python programming language is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to add and modify arbitrary files...
Oracle Linux 7 : python (ELSA-2026-5393)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-5393 advisory. - Fix for CVE-2025-15366 and CVE-2025-15367 Orabug: 39114639 Tenable has extracted the preceding description block directly from the Oracle Linux...