CVE-2026-49406

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode nodeModulesDir: "manual", the module resolver did not validate that a package's resolved entrypoint stayed within its nodemodules// directory. A malicious package.json whose main field...

CVE-2026-56315

picklescan before 1.0.4 fails to block at least seven Python standard library modules including uuid, osxsupport, aixsupport, pyrepl.pager, and imaplib exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked...

CVE-2026-56315

CVE-2026-56315 affects the Python tool picklescan until version 1.0.4, which fails to block imports from at least seven standard library modules (e.g., uuid, _osx_support, _aix_support, _pyrepl.pager, imaplib). This allows adversaries to craft pickle files that import these unblocked modules to t...

CVE-2026-56315 picklescan - Remote Code Execution via Unblocked Standard Library Modules

picklescan before 1.0.4 fails to block at least seven Python standard library modules including uuid, osxsupport, aixsupport, pyrepl.pager, and imaplib exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked...

Astra Linux - Vulnerability in Golang-1.19

The go command may generate unexpected code during build time when using cgo. This can lead to unexpected behavior when running a Go program that uses cgo. This issue may occur when running a trusted module that contains directories with newline characters in their names. Modules retrieved using...

BIT-PYTHON-MIN-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

K000161614: Out-of-band Security Notification (June 17, 2026)

Security Advisory Description On June 17, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. High CVEs Medi...

PT-2026-50438

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source versions prior to 1.31.2-1.1 Description An issue exists in the ngx http proxy v2 module and ngx http grpc module modules. The problem occurs when the proxy http version is set to 2 ...

Deno: BYONM module resolution allows `package.json` main path traversal to bypass `--allow-read` restrictions

Summary When Deno was run in BYONM mode nodeModulesDir: "manual", the module resolver did not validate that a package's resolved entrypoint stayed within its nodemodules// directory. A malicious package.json whose main field contained .. segments was able to resolve to an arbitrary path on disk,...

EUVD-2026-37125

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

CVE-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

CVE-2026-0646

A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover...

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

PT-2026-50147

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.12 Description When running in BYONM mode nodeModulesDir: "manual", the module resolver fails to validate that a package's resolved entrypoint remains within its node modules// directory. A malicious package.json...

PT-2026-49724

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description On Windows, Python uses the VPATH variable to locate landmarks, such as 'Modules/setup.local', to determine if it is running in a source tree and adjust the default sys.path. In certain...

glibc-static-nss-poc

glibc-static-nss-poc Proof of Concept demonstrating how stati...

CVE-2026-54411

Linux-PAM up to 1.7.2 is affected by a timing side-channel in the pam_userdb plaintext-password comparison path (modules/pam_userdb/pam_userdb.c). When configured with crypt=none, an unrecognized crypt method, or without a crypt= argument, credentials are stored/compared in plaintext. The compari...

openSUSE 16 Security Update : perl-CryptX (openSUSE-SU-2026:20936-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20936-1 advisory. Changes in perl-CryptX: - updated to 0.89.0 0.089 see /usr/share/doc/packages/perl-CryptX/Changes 0.089 2026-05-10 - new: Crypt::ASN1 - new:...

metasploit-cheatsheet

Metasploit Cheatsheet A practical reference for using Metaspl...

SUSE CVE-2026-42770

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...