709 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-32274
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. Th...
CVE-2026-32274
A user input sanitization flaw has been discovered in the Black python code formatter. Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker...
CVE-2026-32274
Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...
UBUNTU-CVE-2026-32274
Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...
CVE-2026-32274 Black: Arbitrary file writes from unsanitized user input in cache file name
Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...
CVE-2026-32274 Black: Arbitrary file writes from unsanitized user input in cache file name
Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...
CVE-2026-32274
Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...
Black 路径遍历漏洞
Black is a Python code formatting tool open-sourced by the Python Software Foundation. Versions of Black prior to 26.3.1 had a path traversal vulnerability. This vulnerability stemmed from the value of the “python-cell-magics” option, which did not clean up cache file names. As a result, it was...
CVE-2026-31900
Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...
CVE-2026-31900
Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...
UBUNTU-CVE-2026-31900
Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...
CVE-2026-31900
CVE-2026-31900 concerns the Black Python code formatter used in a GitHub Action. The vulnerability arises when the action reads the Black version from a repository’s pyproject.toml (use_pyproject: true). A malicious pull request could alter pyproject.toml to reference a direct URL to a malicious ...
CVE-2026-31900 Black's vulnerable version parsing leads to RCE in GitHub Action
Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...
CVE-2026-31900 Black's vulnerable version parsing leads to RCE in GitHub Action
Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...
Black 输入验证错误漏洞
Black is a Python code formatter developed by the Python Software Foundation. Versions of Black prior to 26.3.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from the ability for malicious pull requests to configure the use of malicious repository URLs,...
PT-2026-24654
Name of the Vulnerable Software and Affected Versions Black versions prior to 26.3.0 Description Black is a Python code formatter that provides a GitHub action for code formatting. The action supports an option, use pyproject: true, to read the Black version from the repository's pyproject.toml...
Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2026-1449)
"It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1449 advisory. AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in...
CVE-2026-27749
CVE-2026-27749 affects Avira Internet Security, specifically the System Speedup component. The vulnerability arises from deserialization of untrusted data by the privileged process Avira.SystemSpeedup.RealTimeOptimizer.exe (running as SYSTEM) which reads a file under C:\ProgramData and deserializ...
CVE-2026-27749
Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\ProgramData using .NET BinaryFormatter without...
Fedora 43 : 389-ds-base / python3-docs / python3.14 (2026-27ce708600)
The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-27ce708600 advisory. - New minor version of the Python interpreter, bringing also security fixes. - 389-ds-base: Fix system index configuration issues - 389-ds-base: Fix...