13250 matches found
Malicious code in xadauiom (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 64051fbf2528075ff707f512002bce043db1a535723bd677e6fcde0f53f7cafa Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-442 Malicious code in xadauiom (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 64051fbf2528075ff707f512002bce043db1a535723bd677e6fcde0f53f7cafa Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-440 Malicious code in anduril-lattice-sdk-grpc-python (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1baa043d99a594c81f1a153d2da1d69bc4a2e67181cdf491c2f06f65120089aa Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
EUVD-2026-3708
Malicious code in spellcheckpy (PyPI)...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary: Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0. Vulnerability Details: CVEID: CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions...
EUVD-2026-3716
Malicious code in coolpackage2323 (PyPI)...
OPENSUSE-SU-2026:10077-1 python311-jaraco.context-6.1.0-1.1 on GA media
These are all security issues fixed in the python311-jaraco.context-6.1.0-1.1 package on the GA media of openSUSE Tumbleweed...
AZL-75026 CVE-2026-0672 affecting package python3 for versions less than 3.12.9-8
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...
CVE-2025-56005
An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...
EUVD-2026-3496
Malicious code in spellcheckerpy (PyPI)...
CVE-2025-56005
CVE-2025-56005 affects PLY 3.11 (PyPI) and is triggered via the picklefile parameter in yacc(), which deserializes a .pkl with pickle.load() without validation. The underlying cause is unsafe deserialization, enabling remote code execution as described in multiple sources; this is not limited to ...
MiracleLinux 9 : python3.9-3.9.18-1.el9_3.1 (AXSA:2024-7471:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7471:01 advisory. python: Parsing errors in email/parseaddr.py lead to incorrect value in email address part of tuple (CVE-2023-27043). Tenable has extracted the preceding...
MiracleLinux 9 : python3.9-3.9.14-1.el9.1 (AXSA:2022-4506:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4506:01 advisory. python: local privilege escalation via the multiprocessing forkserver start method (CVE-2022-42919). Tenable has extracted the preceding description block...
MiracleLinux 8 : python3-3.6.8-56.el8_9.2.ML.1 (AXSA:2024-7423:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7423:01 advisory. python: use after free in heappushpop of heapq module (CVE-2022-48560); python: DoS when processing malformed Apple Property List files in binary forma...
MiracleLinux 8 : python3-3.6.8-56.el8_9.3.ML.1 (AXSA:2024-7427:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7427:02 advisory. python: Parsing errors in email/parseaddr.py lead to incorrect value in email address part of tuple (CVE-2023-27043). Tenable has extracted the preceding...
MiracleLinux 9 : python3.9-3.9.16-1.el9.2 (AXSA:2023-6477:04)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6477:04 advisory. python: TLS handshake bypass (CVE-2023-40217). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...
MiracleLinux 8 : python3.11-3.11.2-2.el8.1 (AXSA:2023-6179:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6179:02 advisory. python: urllib.parse url blocklisting bypass (CVE-2023-24329). Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 8 : python3.11-pip-22.3.1-4.el8 (AXSA:2023-7138:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7138:02 advisory. python: tarfile module directory traversal (CVE-2007-4559). Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 7 : python-2.7.5-89.0.1.el7.AXS7 (AXSA:2020-863:49)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-863:49 advisory. python: XSS vulnerability in the documentation XML-RPC server in servertitle field (CVE-2019-16935). Tenable has extracted the preceding description block direct...
MiracleLinux 7 : python3-3.6.8-19.el7 (AXSA:2023-6002:04)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6002:04 advisory. python: urllib.parse url blocklisting bypass (CVE-2023-24329). Tenable has extracted the preceding description block directly from the MiracleLinux security...