57766 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-47265
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are...
Critical Photon OS Security Update - PHSA-2026-5.0-0862
Updates of 'python3', 'unbound', 'wireshark', 'python3-pip', 'expat', 'linux', 'linux-esx' packages of Photon OS have been released...
CVE-2026-36576
The vulnerability CVE-2026-36576 affects the openlabs docker-wkhtmltopdf-aas project, specifically the app.py component, with evidence across NVD and related feeds. Up to commit 9f50579, an OS command injection allows an attacker to execute arbitrary commands via a crafted POST request. The CVSS ...
Security update for python-PyMuPDF (important)
openSUSE security update: security update for python-pymupdf ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20887-1 Rating: important References: bsc1259921 Cross-References: CVE-2026-3029 Affected Products: openSUSE Leap 16.0...
Security update for python-urllib3_1 (important)
openSUSE security update: security update for python-urllib31 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20871-1 Rating: important References: bsc1265267 Cross-References: CVE-2026-44431 CVSS scores: CVE-2026-44431 SUSE : 7.5...
RockyLinux 10 : python-jwcrypto (RLSA-2026:19042)
The remote RockyLinux 10 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:19042 advisory. JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens CVE-2026-39373 Tenable has extracted the preceding...
RockyLinux 10 : python3.12 (RLSA-2026:19064)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19064 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...
SUSE-SU-2026:22024-1 Security update for python-CairoSVG
This update for python-CairoSVG fixes the following issue: - CVE-2026-31899: denial of service via recursive element amplification bsc1259690...
OPENSUSE-SU-2026:20886-1 Security update for python-CairoSVG
This update for python-CairoSVG fixes the following issue: - CVE-2026-31899: denial of service via recursive element amplification bsc1259690...
CVE-2026-49136
Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generateimage function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete...
CVE-2026-45136
claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...
SUSE-SU-2026:22023-1 Security update for python-Flask
This update for python-Flask fixes the following issue: - CVE-2026-27205: information disclosure due to Flask session not adding the Vary: Cookie header bsc1258700...
OPENSUSE-SU-2026:20885-1 Security update for python-Flask
This update for python-Flask fixes the following issue: - CVE-2026-27205: information disclosure due to Flask session not adding the Vary: Cookie header bsc1258700...
OPENSUSE-SU-2026:20880-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2026-3219: concatenated tar and ZIP files are handled as ZIP files, resulting in possibly obfuscated malicious code bsc1262429. - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation,...
MAL-2026-5167 Malicious code in jules-test-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 30c3ca1fa1b7237661d28aada477f7316b7e696a55e2c92c4dee200f291140f4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
web-vulnerability-scanner_project
web-vulnerability-scannerprojec...
OPENSUSE-SU-2026:20887-1 Security update for python-PyMuPDF
This update for python-PyMuPDF fixes the following issues: Changes in python-PyMuPDF: - CVE-2026-3029: Fixed path traversal and arbitrary file write via the embeddedget function in main.py bsc1259921...
OPENSUSE-SU-2026:20871-1 Security update for python-urllib3_1
This update for python-urllib31 fixes the following issue - CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects bsc1265267...
SUSE-SU-2026:22011-1 Security update for python-urllib3_1
This update for python-urllib31 fixes the following issue - CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects bsc1265267...
Security update for python-Twisted
This update for python-Twisted fixes the following issue CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265. Patch Instructions: To install this SUSE update use the SUSE...