[SECURITY] Fedora 44 Update: pypy-7.3.22-2.fc44

PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types strings, dictionaries, etc This build of PyPy has JIT-compilation enabled...

OverrideFuzz: Semantic-Aware Grammar Fuzzing for Script-Runtime Vulnerabilities

Script-language runtimes such as Python, Lua, and JavaScript are widely deployed in security sensitive contexts, yet they remain difficult to test because valid inputs must satisfy syntax, dynamic type constraints, and object-level semantics. Existing grammar and reflection-based fuzzers improve...

[SECURITY] Fedora 44 Update: python3.6-3.6.15-55.fc44

Python is an accessible, high-level, dynamically typed, interpreted programmi ng language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.6 package provides the "python3" executable: the...

AlmaLinux 10 : python3.12 (ALSA-2026:4713)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4713 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: IMAP command injection in user-controlled commands...

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan RATs payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOIDGEIST by...

CVE-2026-1998

A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mpimportall of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may be used. Patch name:...

Malicious Package

Overview ansi-universal-ui is a malicious package. This package contains malicious code, and it has been removed from the official package manager. The package sets up a standalone Python runtime and downloads an obfuscated payload from an Appwrite storage bucket that, upon execution, performs an...

Vulnerable Python version used in Forcepoint One DLP Client

Overview A vulnerability in the Forcepoint One DLP Client allows bypass of the vendor-implemented Python restrictions designed to prevent arbitrary code execution. By reconstructing the ctypes FFI environment and applying a version-header patch to the ctypes.pyd module, an attacker can restore...

RHEL 9 : python3.9 (RHSA-2025:15724)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15724 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter

Summary Using code.InteractiveInterpreter.runcode, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to code.InteractiveInterpreter.runcode function in reduce meth...

HexChat 2.9.4 - Local Overflow

!/usr/bin/python HexChat 2.9.4 Local Exploit Bug found by Jules Carter Exploit by Matt "hostess" Andreko http://www.mattandreko.com/2013/04/buffer-overflow-in-hexchat-294.html junk1 = "B"30 shellcode = msfvenom -p windows/messagebox EXITFUNC=process BufferRegister=ESP -e x86/alphamixed -f c...