732 matches found
Malicious code in cosmos-gradio (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bf1266e0846a392e9aaa6805756d26dc427a04415e8a422d53ffce7a1a0c2e2 cosmos-gradio 9999.0.0 is a dependency-confusion squat published as an sdist-only release with an intentionally inflated version to win highest-versi...
MAL-2026-10617 Malicious code in cosmos-cuda (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a96e5776ec64356f639738134c95a2f33233a4275d2d0ddd6b174c297c64ee The sdist-only package cosmos-cuda 9999.0.0 executes a beacon function beacon'build' from setup.py during sdist build/install and beacon'import' from...
openSUSE 15: azure-cli / azure-cli-core / azure-cli-telemetry / python311-anyio / etc (SUSE-SU-SUSE-RU-2026:2237-2)
"The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-SUSE-RU-2026:2237-2 advisory. Changes in azure-cli-core: - Drop CVE-2025-24049 patch, fixed upstream - New upstream release - Version 2.82.0 - For detailed information...
SUSE-RU-2026:2237-2 Recommended update for aazure-cli, azure-cli-core, azure-cli-telemetry, python-argcomplete, python-azure-ai-agents, python-azure-ai-formrecognizer, python-azure-ai-metricsadvisor, python-azure-ai-projects, python-azure-ai-translation-document, python-azure-ai-translation-text, python-azure-appconfiguration, python-azure-appconfiguration-provider, python-azure-batch, python-azure-cognitiveservices-anomalydetector, python-azure-cognitiveservices-knowledge-qnamaker, python-azure-cognitiveservices-language-luis, python-azure-cognitiveservices-language-spellcheck, python-azure-cognitiveservices-language-textanalytics, python-azure-cognitiveservices-search-autosuggest, python-azure-cognitiveservices-search-customimagesearch, python-azure-cognitiveservices-search-customsearch, python-azure-cognitiveservices-search-entitysearch, python-azure-cognitiveservices-search-imagesearch, python-azure-cognitiveservices-search-videosearch, python-azure-cognitiveservices-search-websearch, python-azure-cognitiveservices-vision-computervision, python-azure-cognitiveservices-vision-contentmoderator, python-azure-cognitiveservices-vision-customvision, python-azure-cognitiveservices-vision-face python-azure-communication-callautomation, python-azure-communication-chat, python-azure-communication-email, python-azure-communication-messages, python-azure-communication-phonenumbers, python-azure-communication-rooms, python-azure-communication-sms, python-azure-core, python-azure-core-tracing-opencensus, python-azure-core-tracing-opentelemetry, python-azure-cosmos, python-azure-data-tables, python-azure-datalake-store, python-azure-developer-devcenter, python-azure-developer-loadtesting, python-azure-digitaltwins-core, python-azure-eventgrid, python-azure-eventhub, python-azure-eventhub-checkpointstoreblob, python-azure-eventhub-checkpointstoreblob-aio, python-azure-graphrbac, python-azure-health-deidentification, python-azure-healthinsights-radiologyinsights, python-azure-identity, python-azure-identity-broker, python-azure-keyvault-administration, python-azure-keyvault-certificates, python-azure-keyvault-keys, python-azure-keyvault-secrets, python-azure-keyvault-securitydomain, python-azure-maps-geolocation, python-azure-maps-route, python-azure-maps-timezone, python-azure-messaging-webpubsubclient, python-azure-messaging-webpubsubservice, python-azure-mgmt-apimanagement, python-azure-mgmt-appcomplianceautomation, python-azure-mgmt-appconfiguration, python-azure-mgmt-appcontainers, python-azure-mgmt-applicationinsights, python-azure-mgmt-appplatform, python-azure-mgmt-arizeaiobservabilityeval, python-azure-mgmt-astro, python-azure-mgmt-authorization, python-azure-mgmt-avs, python-azure-mgmt-azurestackhcivm, python-azure-mgmt-batch, python-azure-mgmt-batchai, python-azure-mgmt-billing, python-azure-mgmt-billingbenefits, python-azure-mgmt-carbonoptimization, python-azure-mgmt-cdn, python-azure-mgmt-chaos, python-azure-mgmt-cloudhealth, python-azure-mgmt-cognitiveservices, python-azure-mgmt-communication, python-azure-mgmt-compute, python-azure-mgmt-computefleet, python-azure-mgmt-computerecommender, python-azure-mgmt-computeschedule, python-azure-mgmt-confluent, python-azure-mgmt-connectedcache, python-azure-mgmt-containerinstance, python-azure-mgmt-containerorchestratorruntime, python-azure-mgmt-containerregistry, python-azure-mgmt-containerservice, python-azure-mgmt-containerservicefleet, python-azure-mgmt-containerservicesafeguards, python-azure-mgmt-core, python-azure-mgmt-cosmosdb, python-azure-mgmt-databasewatcher, python-azure-mgmt-databox, python-azure-mgmt-databoxedge, python-azure-mgmt-datafactory, python-azure-mgmt-datalake-store, python-azure-mgmt-datamigration, python-azure-mgmt-dataprotection, python-azure-mgmt-dellstorage, python-azure-mgmt-dependencymap, python-azure-mgmt-desktopvirtualization, python-azure-mgmt-devcenter, python-azure-mgmt-deviceregistry, python-azure-mgmt-devopsinfrastructure, python-azure-mgmt-devtestlabs, python-azure-mgmt-digitaltwins, python-azure-mgmt-dns, python-azure-mgmt-dnsresolver, python-azure-mgmt-durabletask, python-azure-mgmt-edgeorder, python-azure-mgmt-edgezones, python-azure-mgmt-elastic, python-azure-mgmt-elasticsan, python-azure-mgmt-eventgrid, python-azure-mgmt-eventhub, python-azure-mgmt-extendedlocation, python-azure-mgmt-fabric, python-azure-mgmt-frontdoor, python-azure-mgmt-hardwaresecuritymodules, python-azure-mgmt-hdinsight, python-azure-mgmt-hdinsightcontainers, python-azure-mgmt-healthcareapis, python-azure-mgmt-healthdataaiservices, python-azure-mgmt-hybridcompute, python-azure-mgmt-imagebuilder, python-azure-mgmt-impactreporting, python-azure-mgmt-informaticadatamanagement, python-azure-mgmt-iotfirmwaredefense, python-azure-mgmt-iothub, python-azure-mgmt-iotoperations, python-azure-mgmt-keyvault, python-azure-mgmt-kubernetesconfiguration-extensions, python-azure-mgmt-kubernetesconfiguration-extensiontypes, python-azure-mgmt-kubernetesconfiguration-fluxconfigurations, python-azure-mgmt-kusto, python-azure-mgmt-lambdatesthyperexecute, python-azure-mgmt-largeinstance, python-azure-mgmt-loganalytics, python-azure-mgmt-logz, python-azure-mgmt-media, python-azure-mgmt-migrationassessment, python-azure-mgmt-migrationdiscoverysap, python-azure-mgmt-mobilenetwork, python-azure-mgmt-mongocluster, python-azure-mgmt-mongodbatlas, python-azure-mgmt-monitor, python-azure-mgmt-msi, python-azure-mgmt-mysqlflexibleservers, python-azure-mgmt-neonpostgres, python-azure-mgmt-netapp, python-azure-mgmt-network, python-azure-mgmt-networkcloud, python-azure-mgmt-newrelicobservability, python-azure-mgmt-onlineexperimentation, python-azure-mgmt-oracledatabase, python-azure-mgmt-paloaltonetworksngfw, python-azure-mgmt-pineconevectordb, python-azure-mgmt-planetarycomputer, python-azure-mgmt-playwright, python-azure-mgmt-playwrighttesting, python-azure-mgmt-portalservicescopilot, python-azure-mgmt-postgresqlflexibleservers, python-azure-mgmt-powerbiembedded, python-azure-mgmt-privatedns, python-azure-mgmt-purestorageblock, python-azure-mgmt-quantum, python-azure-mgmt-qumulo, python-azure-mgmt-quota, python-azure-mgmt-rdbms, python-azure-mgmt-recoveryservices, python-azure-mgmt-recoveryservicesbackup, python-azure-mgmt-recoveryservicesdatareplication, python-dnspython, python-trio, python-websocket-client, python-anyio
This update for azure-cli, azure-cli-core, azure-cli-telemetry, python-argcomplete, python-azure-ai-agents, python-azure-ai-formrecognizer, python-azure-ai-metricsadvisor, python-azure-ai-projects, python-azure-ai-translation-document, python-azure-ai-translation-text,...
CVE-2026-42085
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations...
CVE-2026-42086
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...
CVE-2026-42087
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...
SQL Injection
org.springframework.ai, spring-ai-azure-cosmos-db-store is vulnerable to SQL Injection. The vulnerability is due to improper handling of crafted document IDs in the CosmosDBVectorStore, which allows an attacker to execute arbitrary SQL queries...
CVE-2026-42088
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api container. Because all the...
PYSEC-2026-105
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...
CVE-2026-42084
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...
CVE-2026-42085
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations...
CVE-2026-42086
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...
CVE-2026-42087
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...
PYSEC-2026-105
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...
CVE-2026-42088 OpenC3 COSMOS: Administrative Actions via the Script Runner Tool
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api container. Because all the...
CVE-2026-42088 OpenC3 COSMOS: Administrative Actions via the Script Runner Tool
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api container. Because all the...
CVE-2026-42088
Summary: CVE-2026-42088 affects OpenC3 COSMOS before 7.0.0-rc3. The Script Runner widget in the openc3-COSMOS-script-runner-api container allows any user with script permissions to bypass API checks and perform administrative actions across the docker network. This can enable reading/modifying da...
EUVD-2026-27065
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api container. Because all the...
CVE-2026-42087 OpenC3 COSMOS: SQL Injection in QuestDB Time-Series Data Base
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...