25 matches found
UBUNTU-CVE-2026-41140
Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.data_filter is unavailable. Considering only Python versions which are still supporte...
aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +225 more potentially affected by CVE-2026-27962 via authlib (>=1.0.0 <=1.6.8)
authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.5.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2026-27962 Source advisory:...
metasploit-mcp
metasploit-mcp Metasploit Framework MCP server for exploit ex...
coati-payroll (>=1.0.1 <=1.10.0), now-lms (>=1.0.3 <=1.2.3) +1 more potentially affected by CVE-2026-27641 via flask-reuploaded (>=1.2.0 <=1.4.0)
flask-reuploaded PYPI version =1.2.0, =1.0.1, =1.0.3, =4.6.1, =5.0.0 Source cves: CVE-2026-27641 Source advisory: SNYK:PYTHON-FLASKREUPLOADED-15363340...
CVE-2025-23298
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
0x20bf (=0.0.1), 31 (=2.3.0) +4287 more potentially affected by CVE-2025-68146 via filelock (>=3.0.10 <=3.20.0)
filelock PYPI version =3.0.10, =0.0.3, =0.1.0, =1.0.5, =0.0.1b1, =0.2.3, =0.2.7 - ac-solver =0.1.0 - acceldata-o2a =1.0.0 and more Source cves: CVE-2025-68146 Source advisory: SNYK:PYTHON-FILELOCK-14458335...
EUVD-2025-18458
Malicious code in bioql PyPI...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via a python dependency. An attacker can execute arbitrary code, escalate privileges, access sensitive information, and tamper with data by injecting malicious input. Remediation: A fix was pushed into the master...
NVIDIA Merlin Transformers4Rec Code Injection Vulnerability
NVIDIA Merlin Transformers4Rec is a software for building serialized and conversational recommender systems from NVIDIA. NVIDIA Merlin Transformers4Rec suffers from a code injection vulnerability, which originates from a Python dependency, that can be exploited by an attacker to perform malicious...
PT-2025-25588 · Python +1 · Pip +2
Name of the Vulnerable Software and Affected Versions: Conda-build versions prior to 25.3.0 Description: The issue concerns a dependency injection vulnerability. Conda-build lists conda-index as a Python dependency in its pyproject.toml file. Since conda-index is not published in PyPI, an attacke...
valgrind bug fix update
An update is available for valgrind. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The valgrind packages provide the Valgrind programming tool that helps detec...
actinia-core (=6.0.0), aipackagewrapper (=0.1.0) +54 more potentially affected by CVE-2025-47273 via setuptools (>=78.0.1 <=78.1.0)
setuptools PYPI version =78.0.1, =4.1.0, =1.4.1, =0.1.0, =0.1.0, =0.0.20, =0.1.0, =8.6.2, =8.6.2, =3.0.0, =2.5.0, =2.7.19 - cx-freeze =8.1.0 and more Source cves: CVE-2025-47273 Source advisory: SNYK:PYTHON-SETUPTOOLS-9964606...
agent-path (>=0.1.0 <=0.1.2), agentc-llamaindex (=0.2.5a2) +838 more potentially affected by CVE-2024-12704 via llama-index-core (>=0.10.0 <=0.12.52.post1)
llama-index-core PYPI version =0.10.0, =0.1.0, =0.0.2, =0.1.0a0.dev0, =0.2.0a0, =0.0.6, =1.1.0, =3.0.0, =1.0.5, =1.7.0, =0.1.0, =1.0.0, =1.1.6 - botrun-llama-kb =5.8.22 and more Source cves: CVE-2024-12704 Source advisory: SNYK:PYTHON-LLAMAINDEXCORE-9511125...
Security update for avahi
This update for avahi fixes the following issues: CVE-2024-52616: Properly randomize query id of DNS packets bsc1233420. Bug fixes: No longer supply bogus services to callbacks bsc1226586. Tag hardening patches as PATCH-FEATURE-OPENSUSE Remove dependency on /usr/bin/python3 using %python3fixsheba...
aldryn-django (=5.1.4.0), allianceauth (=5.0.0a1) +188 more potentially affected by CVE-2024-56374 via django (>=5.1.0 <=5.1.4)
django PYPI version =5.1.0, =0.42.1, =1.0.0, =1.23.0, =0.46.0, =0.2.0a1, =24.1.0, =0.2.0, =0.1.0, =0.2.2 - cg-django-uaa =2.1.8 and more Source cves: CVE-2024-56374 Source advisory: OSV:PYSEC-2025-1...
Exploit for CVE-2018-14714
CVE-2018-14714 RCE exploit ASUS wifi router RCE vulnerability...
SUSE-SU-2024:0507-1 Security update for salt
This update for salt fixes the following issues: Security issues fixed: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 - CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 Bugs fixed: - Ensur...
Exploit for Improper Initialization in Linux Linux_Kernel
Dirty Pipe automatic root exploit CVE-2022-0847 !eaeasse...