
54662 matches found

Vulnrichment
added 2026/03/13 9:3 p.m., 2 views

CVE-2026-32640 (SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

8.7 CVSS, 5.8 AI score, 0.0046 EPSS
Exploits 0, References 1

CVE
added 2026/03/13 9:3 p.m., 36 views

CVE-2026-32640

CVE-2026-32640 affects the Python library SimpleEval, prior to version 1.0.5. According to the connected advisories, SimpleEval did not fully restrict module references and callback handling inside its sandbox, enabling sandbox bypass and potentially arbitrary code execution. The issue is fixed i...

9.8 CVSS, 5.8 AI score, 0.0046 EPSS
Exploits 0, References 2, Affected Software 1

EUVD
added 2026/03/13 8:56 p.m., 2 views

EUVD-2026-12142

SimpleEval: Objects including modules can leak dangerous modules through to direct access inside the sandbox...

8.7 CVSS, 5.8 AI score, 0.0046 EPSS
Exploits 0, References 2

OSV
added 2026/03/13 8:2 p.m., 0 views

GHSA-CWXJ-RR6W-M6W7 Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware

Impact Since version 1.4.0, Scrapy respects the Referrer-Policy response header to decide whether and how to set a Referer header on follow-up requests. If the header value looked like a valid Python import path, Scrapy would import the referenced object and call it, assuming it referred to a...

7.5 CVSS, 5.9 AI score
Exploits 0, References 3

NVD
added 2026/03/13 7:54 p.m., 3 views

CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

9.4 CVSS, 0.00528 EPSS
Exploits 0, References 7

NVD
added 2026/03/13 7:53 p.m., 2 views

CVE-2025-15515

The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage...

6.9 CVSS, 0.00174 EPSS
Exploits 0, References 1

AlpineLinux
added 2026/03/13 7:38 p.m., 3 views

CVE-2026-31899

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input...

7.5 CVSS, 5.4 AI score, 0.0049 EPSS
Exploits 2

SUSE CVE
added 2026/03/13 2:23 p.m., 4 views

SUSE CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2.5 CVSS, 5.8 AI score, 0.00164 EPSS
Exploits 0, References 17

RedhatCVE
added 2026/03/13 10:55 a.m., 6 views

CVE-2025-13462

A flaw was found in the tarfile module of cpython. This vulnerability allows a remote attacker to craft a malicious tar archive that, when processed, could be misinterpreted by the tarfile module. This misinterpretation occurs because the module incorrectly applies normalization of AREGTYPE block...

2 CVSS, 5.8 AI score, 0.00164 EPSS
Exploits 0, References 2

GithubExploit
added 2026/03/13 10:23 a.m., 221 views

Exploit for CVE-2026-29000

CVE-2026-29000 – pac4j JWT Authentication Bypass Python PoC...

9.3 CVSS, 6 AI score, 0.05856 EPSS
Exploits 17

CVE
added 2026/03/13 9:11 a.m., 42 views

CVE-2026-23942

CVE-2026-23942 is a path traversal vulnerability in the Erlang OTP ssh_sftpd module. The SFTP server uses a prefix-based check instead of proper path validation, allowing an authenticated user to access sibling directories that share prefixes with the configured root (e.g., root /home/user1 and p...

5.4 CVSS, 5.7 AI score, 0.00363 EPSS
Exploits 0, References 7, Affected Software 2

Cvelist
added 2026/03/13 9:11 a.m., 24 views

CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.3 CVSS, 0.00363 EPSS
Exploits 0, References 7

Debian CVE
added 2026/03/13 9:11 a.m., 2 views

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.4 CVSS, 7.3 AI score, 0.00363 EPSS
Exploits 0

OSV
added 2026/03/13 9:11 a.m., 5 views

EEF-CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Summary Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses...

5.3 CVSS, 5.8 AI score, 0.00363 EPSS
Exploits 0, References 6

EUVD
added 2026/03/13 9:11 a.m., 2 views

EUVD-2026-11778

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.3 CVSS, 5.7 AI score, 0.00363 EPSS
Exploits 0, References 5

OSV
added 2026/03/13 7:57 a.m., 3 views

MINI-GR34-GG4Q-8P8R

Bulletin has no description...

6.1 CVSS, 5.7 AI score, 0.00328 EPSS
Exploits 0

Cvelist
added 2026/03/13 6:43 a.m., 29 views

CVE-2025-15515

The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage...

6.9 CVSS, 0.00174 EPSS
Exploits 0, References 1

CVE
added 2026/03/13 6:43 a.m., 12 views

CVE-2025-15515

The CVE relates to an authentication flaw in a feature of the EasyShare module that can lead to data leakage when conditions on a local network are met. According to the entry, the issue has a CVSS v4.0 base score of 6.9 (Medium) with an Adjacent attack vector, Low attack complexity, no privilege...

6.9 CVSS, 5.8 AI score, 0.00174 EPSS
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2026/03/13 6:43 a.m., 2 views

CVE-2025-15515

The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage...

6.9 CVSS, 5.8 AI score, 0.00174 EPSS
Exploits 0, References 1

Fedora
added 2026/03/13 1:0 a.m., 4 views

[SECURITY] Fedora 42 Update: dnf5-5.2.18.0-2.fc42

DNF5 is a command-line package manager that automates the process of installing, upgrading, configuring, and removing computer programs in a consistent manner. It supports RPM packages, modulemd modules, and comps groups & environments...

5.8 AI score
Exploits 0