urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

Malicious code in coderzero (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bd26d5ae306572deded5926f2a32dd34de72377da3363cafc4c4026b9c5a93d When a user runs the coderzero CLI, the bundled Python client client/noderzero.py starts a clipboard monitor that polls pyperclip.paste every 300ms a...

CVE-2026-8838

CVE-2026-8838 affects the amazon-redshift-python-driver prior to 2.1.14. The issue arises from unsafe use of Python’s eval() on server-received data in the vector_in() function, enabling a rogue server or man-in-the-middle actor to execute arbitrary code on the client. Affected component: amazon-...

CVE-2026-41182

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When ...

Malicious code in vision-service-python-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 faa725015cfe04b49bbcf9f472d21a77993c7ca9692ad2b0912e9bd3d2554669 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2186 Malicious code in vision-service-python-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 faa725015cfe04b49bbcf9f472d21a77993c7ca9692ad2b0912e9bd3d2554669 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2026-24489 Gakido vulnerable to HTTP Header Injection (CRLF Injection)

Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF Carriage Return Line Feed sequences in user-supplied header values and names. When making HTTP...

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges to access sensitive data or execute code that the malicious party is not initially authorized to execute. For successful abuse, the malicious...

CVE-2026-21226

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...

Azure Core shared client library for Python Remote Code Execution Vulnerability

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...

CVE-2022-33684

The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or...

Universal Tool Calling Protocol (UTCP) client library for Python vulnerable to Trust Boundary Violation through Manual JSON specification

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

GHSA-75MJ-4G74-9RG2 Universal Tool Calling Protocol (UTCP) client library for Python vulnerable to Trust Boundary Violation through Manual JSON specification

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

0lever-utils (>=0.0.2 <=0.0.7), 0xdegenmo-lighter-mcp (=0.1.1) +16245 more potentially affected by CVE-2025-66471 via urllib3 (>=1.10.2 <=2.5.0)

urllib3 PYPI version =1.10.2, =0.0.2, =0.3.0, =0.0.1a0, =2.3.84, =0.1.0, =1.1.2, =0.1.0, =0.1.0, =0.0.2, =0.0.5, =0.0.7 - a-mailx =0.1.0 and more Source cves: CVE-2025-66471 Source advisory: OSV:GHSA-2XPW-W6GG-JR37...

[SECURITY] Fedora 43 Update: openapi-python-client-0.26.2-4.fc43

The openapi-python-client is a powerful tool designed to generate modern Python clients from OpenAPI 3.0+ documents supporting both synchronous and asynchronous HTTP requests. It automates the creation of Python classes and methods that correspond to the endpoints and schema defined in your OpenA...

Fedora: Security Advisory (FEDORA-2025-ce3d358bcc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 42 : openapi-python-client (2025-16b2da653e)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-16b2da653e advisory. - add patch to remove dependency upper bound versions - remove obsolete patches that updated upper bound versions - clean up spec file formatting Tenable has...

Fedora: Security Advisory (FEDORA-2025-16b2da653e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 43 : openapi-python-client (2025-ce3d358bcc)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ce3d358bcc advisory. - add patch to remove dependency upper bound versions - remove obsolete patches that updated upper bound versions - clean up spec file formatting Tenable has...

Fedora 42 : openapi-python-client / python-uv-build / ruff / etc (2025-a77c1f005b)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-a77c1f005b advisory. uv 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for...