38 matches found

OSV
added 2026/05/28 3:43 p.m. | 16 views

RLSA-2026:19175 Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 8.1 | AI score 7.3 | EPSS 0.00517
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/06 12:00 a.m. | 3 views

MiracleLinux 8 : python3-3.6.8-75.el8_10.ML.1 (AXSA:2026-407:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-407:04 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly...

CVSS 7 | AI score 5.8 | EPSS 0.00216
Exploits: 0 | References: 2

GitHub Security Blog
added 2026/04/01 11:18 p.m. | 7 views

PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

Summary: run_python() in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick substitutions unescaped, allowing arbitrary OS command executi...

CVSS 9.8 | AI score 6.2 | EPSS 0.00545
Exploits: 1 | References: 3 | Affected Software: 1

Tenable Nessus
added 2026/03/16 12:00 a.m. | 4 views

MiracleLinux 8 : python3.12-3.12.12-3.el8_10 (AXSA:2026-308:09)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-308:09 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: IMAP command injection in user-controlled commands...

CVSS 6 | AI score 7.2 | EPSS 0.0056
Exploits: 0 | References: 5

GithubExploit
added 2026/01/27 10:18 a.m. | 294 views

Exploit for CVE-2025-36911

WhisperPair Python CLI Fast Pair CVE-2025-36911 Exploit To...

CVSS 7.1 | AI score 5.9 | EPSS 0.06942
Exploits: 14

GithubExploit
added 2025/10/17 8:21 p.m. | 169 views

pocFlexiPwn

It is an offensive tool for web exploitation. The repository con...

AI score 8.5
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0046

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.03442
Exploits: 1 | References: 6

EUVD
added 2025/10/03 8:07 p.m. | 16 views

EUVD-2023-40427

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.5 | EPSS 0.01029
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2024-43982

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.5 | EPSS 0.0261
Exploits: 1 | References: 2

GithubExploit
added 2025/09/17 7:56 a.m. | 173 views

Exploit for Path Traversal in Rarlab Winrar

PoC exploit for CVE-2025-8088, a vulnerability in WinRAR. The ta...

CVSS 8.8 | AI score 7.3 | EPSS 0.81348
Exploits: 34

GithubExploit
added 2025/09/10 9:40 a.m. | 292 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

dbe dbe is a Python command-line tool that allows you to s...

CVSS 10 | AI score 8.6 | EPSS 0.99999
Exploits: 346

RedhatCVE
added 2025/02/05 12:08 a.m. | 5 views

CVE-2024-4343

A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./privategpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...

CVSS 9.8 | AI score 9.7 | EPSS 0.0261
Exploits: 1

Cvelist
added 2024/11/14 5:32 p.m. | 19 views

CVE-2024-4343 Python Command Injection in imartinez/privategpt

A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./privategpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...

CVSS 9.8 | EPSS 0.0261
Exploits: 1 | References: 2

Positive Technologies
added 2024/11/14 12:00 a.m. | 6 views

PT-2024-30579 · Amazon · Aws Sagemaker

Name of the Vulnerable Software and Affected Versions: imartinez/privategpt versions up to and including 0.3.0 versions prior to 0.6.0 Description: A Python command injection vulnerability exists in the complete method of the SagemakerLLM class within ./private...

CVSS 9.8 | AI score 9.8 | EPSS 0.0261
Exploits: 1 | References: 8

GithubExploit
added 2022/11/01 9:17 a.m. | 29 views

Exploit for Path Traversal in Apache Http_Server

It is an exploit module/toolkit targeting Apache path traversal...

CVSS 7.5 | AI score 7.7 | EPSS 0.99992
Exploits: 146

The Hacker News
added 2022/10/27 7:55 a.m. | 73 views

New Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Instances

A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency. Cybersecurity company CrowdStrike dubbed the activity Kiss-a-dog, with its command-and-control infrastructure...

AI score 0.6
Exploits: 0

OpenVAS
added 2022/07/05 12:00 a.m. | 13 views

SUSE: Security Advisory (SUSE-SU-2022:2249-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8 | AI score 8.5 | EPSS 0.06705
Exploits: 1 | References: 4

OSV
added 2022/04/13 4:15 p.m. | 4 views

DEBIAN-CVE-2015-20107

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

CVSS 7.6 | AI score 7.3 | EPSS 0.06705
Exploits: 1 | References: 1

CNNVD
added 2022/04/13 12:00 a.m. | 4 views

Python Command Injection Vulnerability

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A command injection vulnerability exists in Python version 3.10.4 and earlier versions, which stems from the mailc...

CVSS 8 | AI score 7.4 | EPSS 0.06705
Exploits: 1 | References: 64

OSV
added 2019/11/30 1:06 p.m. | 9 views

MGASA-2019-0340 Updated libreoffice packages fix security vulnerabilities

Updated libreoffice packages fix security vulnerabilities: LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphi...

CVSS 9.8 | AI score 7.9 | EPSS 0.78007
Exploits: 6 | References: 9