CVE-2026-5271 Possible to hijack modules in current working directory

pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command e.g., pip, pytest from an attacker-controlled directory, a malicious module in that directory c...

CVE-2026-5271

CVE-2026-5271 concerns the Python tool pymanager, where the current working directory is added to sys.path. The underlying issue is that modules in the attacker-controlled directory can shadow intended packages, enabling a malicious module to be imported and executed when pymanager-generated comm...

Debian DSA-1828-1 : ocsinventory-agent - insecure module search path

It was discovered that the ocsinventory-agent which is part of the ocsinventory suite, a hardware and software configuration indexing service, is prone to an insecure perl module search path. As the agent is started via cron and the current directory / in this case is included in the default perl...

dstat insecure module search path

Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in 1 the current working directory or 2 a certain subdirectory of the current working directory...

FreeBSD : emacs -- run-python vulnerability (66657bd5-ac92-11dd-b541-001f3b19d541)

Emacs developers report : The Emacs command run-python' launches an interactive Python interpreter. After the Python process starts up, Emacs automatically sends it the line : import emacs which normally imports a script named emacs.py which is distributed with Emacs. This script, which is...

GNU Emacs 'python.el'代码执行漏洞

BUGTRAQ ID: 31052 CNCAN ID：CNCAN-2008091008 Emacs是一款可扩展的实时显示编辑器。 GNU Emacs不正确处理Python脚本，本地攻击者可以利用漏洞以应用程序权限执行任意代码。 GNU Emacs命令run-python'启动交互的Python解析器，在Python启动后，Emacs自动发送： import emacs 用于导入Emacs分发的emacs.py脚本，这个脚本一般位于包含其他Emacs程序文件的写保护的安装目录中，定义各种函数帮助Python与Emacs通信处理。...

emacs -- run-python vulnerability

Emacs developers report: The Emacs command run-python' launches an interactive Python interpreter. After the Python process starts up, Emacs automatically sends it the line: import emacs which normally imports a script named emacs.py which is distributed with Emacs. This script, which is typicall...

Cheetah: Untrusted module search path

Background Cheetah is a Python powered template engine and code generator. Description Brian Bird discovered that Cheetah searches for modules in the world-writable /tmp directory. Impact A malicious local user could place a module containing arbitrary code in /tmp, which when imported would run...