677 matches found
EUVD-2026-41419
CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication...
SUSE SLES12: libpython2_7-1_0 / libpython2_7-1_0-32bit / python / python-32bit / etc (SUSE-SU-2026:2664-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2664-1 advisory. This update for python, python-base, python-doc fixes the following issues Security fixes: - CVE-2026-1703: files may be extracted outside the...
semantic-router exposed to compromised litellm wheel (CVE-2026-42208) via unbounded transitive pin
Impact semantic-router versions 0.1.8 through 0.1.14 declare litellm=1.61.3 with no upper bound. During the window in which litellm==1.82.8 was the latest release on PyPI, a fresh install of any affected semantic-router version could resolve to that compromised wheel. The malicious litellm==1.82....
SUSE SLED15 / SLES15 Security Update : python-pip (SUSE-SU-2026:2634-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2634-1 advisory. This update for python-pip fixes the following issues - CVE-2026-3219: pip doesn't reject concatenated ZIP...
SUSE-SU-2026:2634-1 Security update for python-pip
This update for python-pip fixes the following issues - CVE-2026-3219: pip doesn't reject concatenated ZIP bsc1262429. - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation bsc1263442. - CVE-2026-8643: path traversal via malicious entry point...
ROOT-APP-PYPI-CVE-2026-24049 CVE-2026-24049 in rootio-wheel - Patched by Root
Root has patched CVE-2026-24049 in the rootio-wheel package for Root:PyPI. Multiple fixed versions available...
Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3358 (ALAS-2026-3358)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3358 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1837)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1837 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1840)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1840 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1839)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1839 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1841)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1841 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
Amazon Linux 2023 : python3.14-pip, python3.14-pip-wheel (ALAS2023-2026-1838)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1838 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
Astra Linux – Vulnerability in Wheel
A vulnerability was discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier. This vulnerability allows remote attackers to cause a denial of service by using attacker-controlled input to the wheel cli...
Security update for python
This update for python fixes the following issues CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599. CVE-2026-3219: pip doesn't reject concatenated ZIP bsc1262429. CVE-2026-4786: Incomplete...
SUSE-SU-2026:2387-1 Security update for python
This update for python fixes the following issues - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599. - CVE-2026-3219: pip doesn't reject concatenated ZIP bsc1262429. - CVE-2026-4786: Incomplete...
OESA-2026-2631 python-pip security update
%changelog Sat Jul 13 2024 yangyuan [email protected] - 23.3.1-2 - Fix CVE-2023-45803 and CVE-2024-37891 Security Fixes: A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel...
EulerOS Virtualization 2.13.0 : python-pip (EulerOS-SA-2026-2415)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable...
GHSA-78V8-VPJP-CJQH PDM wheel installation leads to Path Traversal via overridden write_to_fs
InstallDestination.writetofs in src/pdm/installers/installers.py overrides the base class to add symlink/hardlink support but replaces the safe pathwithdestdir which validates via Path.resolve + isrelativeto with a bare os.path.join that performs no path validation. A malicious wheel with travers...
PDM wheel installation leads to Path Traversal via overridden write_to_fs
InstallDestination.writetofs in src/pdm/installers/installers.py overrides the base class to add symlink/hardlink support but replaces the safe pathwithdestdir which validates via Path.resolve + isrelativeto with a bare os.path.join that performs no path validation. A malicious wheel with travers...
EulerOS 2.0 SP13 : python-pip (EulerOS-SA-2026-2353)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when...