a-data-processing (=0.0.1), a-mailx (=0.1.0) +1226 more potentially affected by CVE-2025-65106 via langchain-core (>=0.0.1 <=0.3.8)
langchain-core PYPI version =0.0.1, =0.1.0, =0.1.3, =0.1.0b0, =4.8.2, =0.1.3, =0.1.0, =3.2.0, =2.1.7, =0.0.2, =0.0.5 and more. Source CVEs: CVE-2025-65106. Source advisory: SNYK:PYTHON-LANGCHAINCORE-14100977...
Siemens SIMATIC S7-1500 Improper Neutralization of CRLF Sequences (CVE-2019-9740)
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...
Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF007
Summary: In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF007 addresses the following vulnerabilities. Vulnerability Details: CVEID: CVE-2025-54121. DESCRIPTION: Starlette is a lightweight ASGI Asynchronous Server Gateway...
01os (>=0.0.1 <=0.0.14), 12factor-configclasses (>=0.2.1 <=0.2.6) +4412 more potentially affected by CVE-2025-62727 via starlette (>=0.10.1 <=0.49.0)
starlette PYPI version =0.10.1, =0.0.1, =0.2.1, =0.1.0, =0.3.6, =0.12.0, =0.4.2, =0.1.10, =0.0.1, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =0.1.9 and more. Source CVEs: CVE-2025-62727. Source advisory: SNYK:PYTHON-STARLETTE-13733964...
[SECURITY] Fedora 42 Update: python3.10-3.10.19-1.fc42
Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the "python3.10" executable:...
[SECURITY] Fedora 41 Update: python3.12-3.12.12-1.fc41
Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...
EUVD-2014-9187
Malware in sbrugna...
EUVD-2022-53388
Malicious code in bioql PyPI...
Web-Vulnerability-Scanner
Web Application Vulnerability Scanner Internship Task - 2...
agentengine (>=0.1.5 <=0.1.8), deepmost (=0.5.2) +11 more potentially affected by CVE-2025-9959 via smolagents (>=1.12.0 <=1.19.0)
smolagents PYPI version =1.12.0, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.1.0, =0.16.0, =0.0.1.dev0, =0.0.1, =0.3.0, =0.3.7. Source CVEs: CVE-2025-9959. Source advisory: SNYK:PYTHON-SMOLAGENTS-12549208...
2adif (=0.1.0), 3robotics (=0.0.1) +1563 more potentially affected by CVE-2025-50688 via twisted (>=16.0.0 <=26.4.0rc2)
twisted PYPI version =16.0.0, =0.0.12, =3.0.9, =3.0.0, =0.1.0, =23.12.0rc1, =0.10.0, =0.0.1, =0.4.0, =3.0.0, =0.1.4, =1.0.0, =1.0.2 - aha-scrapyd =1.3.0 and more. Source CVEs: CVE-2025-50688. Source advisory: SNYK:PYTHON-TWISTED-12671201...
MAL-2025-191771 Malicious code in jython-file (PyPI)
Source: kam193 fc56f6ba4b75b25d4289c3aa3cb1d05f9b1d7bbfacf00b11e270d76ba87a1a3e. Package attempts to load, in an obfuscated way, code from a file not included in the package, as well as inject a dynamic library to the Python dynamic libs...
CVE-2021-32807
The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...
01os (>=0.0.1 <=0.0.13), aeiva (>=0.8.1 <=0.8.2.6) +198 more potentially affected by CVE-2025-0330 via litellm (>=1.0.0 <=1.65.4.post1)
litellm PYPI version =1.0.0, =0.0.1, =0.8.1, =0.14.1a0, =0.1.0, =0.0.5, =1.1.2, =0.2.0, =0.1.1, =0.5.0, =0.1.0, =1.0.3, =0.2.10, =0.29.0, =0.59.1, =0.1.5, =1.1.1 and more. Source CVEs: CVE-2025-0330. Source advisory: SNYK:PYTHON-LITELLM-9511161...
This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions
Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that's equipped to steal a victim's Ethereum private keys by impersonating popular libraries. The package in question is set-utils, which has received 1,077 downloads to date. It's no...
[SECURITY] Fedora 40 Update: python3.11-3.11.11-5.fc40
Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...
Exploit for Unrestricted Upload of File with Dangerous Type in Revmakx Backup_And_Staging_By_Wp_Time_Capsule
CVE-2024-8856 This tool scans WordPress websites for vulnerab...
Exploit for Command Injection in Netgate Pfsense
pfSense 2.7.0 Command Injection Exploit CVE-2023-42326 This...
Amazon Linux 2023 : python3-bson, python3-pymongo, python3-pymongo-gridfs (ALAS2023-2024-614)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-614 advisory. Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged...