PYSEC-0000-CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

EUVD-2026-33682

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

CVE-2026-8643

The CVE-2026-8643 vulnerability affects the Python package installer, pip. A flaw allows a malicious wheel containing crafted entry-point names that use directory traversal or absolute paths to cause wrappers to be written outside the installation directory, enabling arbitrary file overwrite and ...

CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

PT-2026-45480

Name of the Vulnerable Software and Affected Versions pip affected versions not specified Description pip fails to sanitize the resolved absolute path to the installation directory when treating console scripts and gui scripts as paths rather than file names. This allows entry points to be...

PT-2026-44372

qSnapper: Vulnerable Privileged D-Bus Service https://t.co/uQxI7YkxyL GUI frontend for the Snapper utility for managing Btrfs snapshots. DoS, authentication bypass, information leaks, or even a local root exploit. SUSE discovered 5 CVEs CVE-2026-41045 through 41049 and more...

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 — WHM/cPanel Exploit Tool Linux ⚠️ DISCL...

Security Bulletin: Vulnerability in JUnit4 shipped with Tivoli Netcool/OMNIbus (CVE-2020-15250)

Summary A vulnerability in JUnit4 that is used by the Mib Manager GUI component, in Netcool/OMNIbus, has been addressed. Vulnerability Details CVEID:CVE-2020-15250 DESCRIPTION: In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure...

rgui-3.4.4-seh-bof-exploit

Exploração de Buffer Overflow SEH Overwrite no RGui 3.4.4...

Unity Linux 20.1070a Security Update: git (UTSA-2026-021268)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021268 advisory. Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in...

CVE-2025-9661 OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28

OS command injection vulneravility in the management gui maintenance utility of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00...

Hitachi Virtual Storage Platform One Block 操作系统命令注入漏洞

Hitachi Virtual Storage Platform One Block is a high-performance block storage system device developed by Hitachi, Ltd. Versions 23, 24, 26, and 28 of Hitachi Virtual Storage Platform One Block contain vulnerabilities related to operating system command injection. These vulnerabilities stem from ...

CLSA-2026-1778005827 git: Fix of CVE-2025-46835

CVE-2025-46835: fix Git GUI from creating and overwriting arbitrary files when editing a file in a maliciously crafted repository directory...

Astra Linux - уязвимость в zabbix

An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...

MAL-2026-3240 Malicious code in timesmcplib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 da06df6b9831a400bbf6f90e6ae20c8633f5ca98f71ca4927cbc0647ec6ccb17 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

Malicious code in timermcplib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 999846a0fc964a7818742a15f547ddd0b154f6ca559902c048c3f478a681c64c During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...