
57446 matches found

RedHat Linux
added 2026/05/13 2:8 a.m. | 16 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

CVSS 9.1 | AI score 7.7 | EPSS 0.00164
Exploits: 0 | References: 10

RedHat Linux
added 2026/05/13 2:8 a.m. | 16 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

CVSS 7 | AI score 7 | EPSS 0.00021
Exploits: 0 | References: 7

EUVD
added 2026/05/13 12:48 a.m. | 7 views

EUVD-2026-29869

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

CVSS 8.8 | AI score 6.1 | EPSS 0.0005
Exploits: 0 | References: 5

Redos
added 2026/05/13 12:0 a.m. | 6 views

ROS-20260513-73-0012

Vulnerability in python-django related to spoofing authentication bypass. Exploitation of the vulnerability could allow an attacker acting remotely to conduct spoofing attacks...

CVSS 7.5 | AI score 5.8 | EPSS 0.00016
Exploits: 0

Redos
added 2026/05/13 12:0 a.m. | 6 views

ROS-20260513-73-0016

Vulnerability in python-requests related to insecure temporary files. Exploitation of the vulnerability could allow an attacker to overwrite arbitrary files...

CVSS 5.5 | AI score 5.9 | EPSS 0.00005
Exploits: 0

Tenable Nessus
added 2026/05/13 12:0 a.m. | 2 views

CentOS 9 : python-markdown-3.3.4-5.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python-markdown-3.3.4-5.el9 build changelog. - Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an...

CVSS 7.5 | AI score 7.3 | EPSS 0.00385
Exploits: 1 | References: 2

OPENSUSE Linux
added 2026/05/13 12:0 a.m. | 6 views

Security update for python-jupyterlab (important)

openSUSE Security Update: Security update for python-jupyterlab Announcement ID: openSUSE-SU-2026:0165-1 Rating: important References: 1264348 Cross-References: CVE-2026-40171 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: Th...

CVSS 8.4 | AI score 5.8 | EPSS 0.00054
Exploits: 0 | References: 1

CNNVD
added 2026/05/13 12:0 a.m. | 5 views

python-multipart security vulnerability

python-multipart is a Python-based streaming multipart parser developed by Marcelo Trylesinski. Versions of python-multipart prior to 0.0.27 contained a security vulnerability; this vulnerability stemmed from the unlimited parsing of multipart headers, which could lead to denial-of-service attack...

CVSS 7.5 | AI score 5.8 | EPSS 0.00067
Exploits: 0 | References: 1

CNNVD
added 2026/05/13 12:0 a.m. | 6 views

JupyterLab parameter injection vulnerability

JupyterLab is an open-source extension for interactive and reproducible computing environments, based on Jupyter Notebooks and their architecture. Versions 4.0.0 to 4.5.6 of JupyterLab contain a parameter injection vulnerability. This vulnerability arises from improper execution of the allowlist...

CVSS 8.8 | AI score 5.9 | EPSS 0.00029
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/13 12:0 a.m. | 6 views

PT-2026-40724

Name of the Vulnerable Software and Affected Versions claude-code-cache-fix versions 3.5.0 through 3.5.1 Description The tools/quota-statusline.sh script interpolates the Claude Code hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled...

CVSS 8.6 | AI score 5.9 | EPSS 0.00018
Exploits: 1 | References: 9

Redos
added 2026/05/13 12:0 a.m. | 7 views

ROS-20260513-73-0011

Vulnerability in python-django related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 3.7 | AI score 5.8 | EPSS 0.0001
Exploits: 0

Redos
added 2026/05/13 12:0 a.m. | 7 views

ROS-20260513-73-0010

Vulnerability in python-django related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 7.5 | AI score 5.8 | EPSS 0.0024
Exploits: 0

Tenable Nessus
added 2026/05/13 12:0 a.m. | 8 views

RHEL 10 : python3.12 (RHSA-2026:16699)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16699 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 9.1 | AI score 7.8 | EPSS 0.00164
Exploits: 0 | References: 6

Packet Storm News
added 2026/05/13 12:0 a.m. | 6 views

angr 9.2.215

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

AI score 5.8
Exploits: 0

Redos
added 2026/05/13 12:0 a.m. | 9 views

ROS-20260513-73-0017

Vulnerability in python2-requests related to insecure temporary files. Exploitation of the vulnerability could allow an attacker to overwrite arbitrary files...

CVSS 5.5 | AI score 5.9 | EPSS 0.00005
Exploits: 0

Redos
added 2026/05/13 12:0 a.m. | 7 views

ROS-20260513-73-0013

Vulnerability in python-django related to a flaw in the authorization procedure. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...

CVSS 9.8 | AI score 5.8 | EPSS 0.00022
Exploits: 0

CNNVD
added 2026/05/13 12:0 a.m. | 6 views

CPython code issue vulnerability

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has code vulnerabilities, which originate from the ftpcp function in Lib/ftplib.py. These vulnerabilities could allow attackers to control IP addresses and ports...

CVSS 5.9 | AI score 5.9 | EPSS 0.00051
Exploits: 0 | References: 1

Redos
added 2026/05/13 12:0 a.m. | 5 views

ROS-20260513-73-0014

Vulnerability in python-django related to a flaw in the authorization procedure. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...

CVSS 2.7 | AI score 5.8 | EPSS 0.00014
Exploits: 0

vulnersOsv
added 2026/05/12 10:25 p.m. | 5 views

abdelrahman-obfuscate (>=1.0.0 <=1.0.1), abdo (=2.0.0) +392 more potentially affected by CVE-2026-44660 via ujson (>=1.33.0 <=5.12.0)

ujson PYPI version =1.33.0, =1.0.0, =2.0.0, =0.1.3, =0.1.0, =0.1.0, =1.1.5, =0.1.0, =0.1.1, =0.5.2, =0.1.0, =1.0.0, =1.0.2 and more Source cves: CVE-2026-44660 Source advisory: OSV:GHSA-C38F-WX89-P2XG...

AI score 5.8 | EPSS 0.00052
Exploits: 1

NVD
added 2026/05/12 10:16 p.m. | 7 views

CVE-2026-45227

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

CVSS 8.8 | EPSS 0.0005
Exploits: 0 | References: 4