
57659 matches found

RedhatCVE
• added 2026/05/06 2:21 p.m. • 4 views

CVE-2026-7810

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function createnotebook/readnotebook/editcell/addcell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...

7.5 CVSS, 5.5 AI score, 0.00066 EPSS
Exploits: 0, References: 1
OSV
• added 2026/05/06 1:47 p.m. • 2 views

SUSE-SU-2026:21568-1 Security update for python-pytest

This update for python-pytest fixes the following issue: - CVE-2025-71176: a TOCTOU race condition can cause a denial of service or possibly gain privileges bsc1257090...

6.8 CVSS, 5.8 AI score, 0.00009 EPSS
Exploits: 0, References: 3
OSV
• added 2026/05/06 1:47 p.m. • 2 views

OPENSUSE-SU-2026:20692-1 Security update for python-pytest

This update for python-pytest fixes the following issue: - CVE-2025-71176: a TOCTOU race condition can cause a denial of service or possibly gain privileges bsc1257090...

6.8 CVSS, 5.8 AI score, 0.00009 EPSS
Exploits: 0, References: 2
OSSF Malicious Packages
• added 2026/05/06 1:46 p.m. • 6 views

Malicious code in playwright-acustomed (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b8b21055de687ebac89fc9e5697c34b70cc910702d263b841399783f75b139bd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9 AI score
Exploits: 0, References: 1
Securelist
• added 2026/05/06 1:0 p.m. • 2 views

OceanLotus suspected of using PyPI to deliver ZiChatBot malware

Introduction Through our daily threat hunting, we noticed that, beginning in July 2025, a series of malicious wheel packages were uploaded to PyPI the Python Package Index. We shared this information with the public security community, and the malware was removed from the repository. We submitted...

6.1 AI score
Exploits: 0
Rockylinux
• added 2026/05/06 12:5 p.m. • 7 views

python-tornado security update

An update is available for python-tornado. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

8.7 CVSS, 5.8 AI score, 0.00028 EPSS
Exploits: 0
OSV
• added 2026/05/06 12:5 p.m. • 2 views

RLSA-2026:13641 Moderate: python-tornado security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

5.4 CVSS, 7.3 AI score, 0.00028 EPSS
Exploits: 0, References: 3
OSV
• added 2026/05/06 10:37 a.m. • 5 views

CLSA-2026-1777970333 python3: Fix of CVE-2021-3426

CVE-2021-3426: remove the pydoc getfile feature to prevent directory traversal...

5.7 CVSS, 6.5 AI score, 0.00081 EPSS
Exploits: 0, References: 1
IBM Security Bulletins
• added 2026/05/06 10:19 a.m. • 7 views

Security Bulletin: Vulnerability in MCP Python SDK bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.

Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes MCP Python SDK. Following vulnerability could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances. CVE-2025-66416. Vulnerability Details...

8.1 CVSS, 7.2 AI score, 0.0004 EPSS
Exploits: 0, Affected Software: 2
OSV
• added 2026/05/06 10:5 a.m. • 3 views

RHSA-2026:13692 Red Hat Security Advisory: python3.11 security update

Bulletin has no description...

8.1 CVSS, 7.4 AI score, 0.00137 EPSS
Exploits: 0, References: 20
OSV
• added 2026/05/06 10:5 a.m. • 3 views

RHSA-2026:13670 Red Hat Security Advisory: python-tornado security update

Bulletin has no description...

5.4 CVSS, 5.7 AI score, 0.00028 EPSS
Exploits: 0, References: 14
RedHat Linux
• added 2026/05/06 6:40 a.m. • 5 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5 CVSS, 6.6 AI score, 0.00014 EPSS
Exploits: 1, References: 5
OSV
• added 2026/05/06 6:2 a.m. • 3 views

RLSA-2026:13670 Moderate: python-tornado security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

5.4 CVSS, 7.3 AI score, 0.00028 EPSS
Exploits: 0, References: 3
GithubExploit
• added 2026/05/06 5:48 a.m. • 49 views

ex-kernel

EXPLOIT KERNEL LINUX Installation gu...

5.8 AI score
Exploits: 0
Fedora
• added 2026/05/06 12:51 a.m. • 4 views

[SECURITY] Fedora 44 Update: pyOpenSSL-26.1.0-1.fc44

High-level wrapper around a subset of the OpenSSL library, includes among others SSL.Connection objects, wrapping the methods of Python's portable sockets Callbacks written in Python Extensive error-handling mechanism, mirroring OpenSSL's error codes...

5.8 AI score
Exploits: 0
CBLMariner
• added 2026/05/06 12:10 a.m. • 6 views

CVE-2026-41066 affecting package python-lxml for versions less than 4.9.3-2

CVE-2026-41066 affecting package python-lxml for versions less than 4.9.3-2. A patched version of the package is available...

7.5 CVSS, 5.8 AI score, 0.0006 EPSS
Exploits: 1
CBLMariner
• added 2026/05/06 12:10 a.m. • 7 views

CVE-2026-41205 affecting package python-mako for versions less than 1.2.4-3

CVE-2026-41205 affecting package python-mako for versions less than 1.2.4-3. A patched version of the package is available...

8.7 CVSS, 5.8 AI score, 0.00093 EPSS
Exploits: 0
Positive Technologies
• added 2026/05/06 12:0 a.m. • 4 views

PT-2026-37836

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

7.5 CVSS, 6.8 AI score, 0.00034 EPSS
Exploits: 1, References: 4
Tenable Nessus
• added 2026/05/06 12:0 a.m. • 5 views

RHCOS 4 : OpenShift Container Platform 4.2.36 python-psutil (RHSA-2020:2593)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2593 advisory. - python-psutil: Double free because of refcount mishandling CVE-2019-18874 Note that Nessus has not tested for this issue but has instead...

7.5 CVSS, 5.8 AI score, 0.00176 EPSS
Exploits: 0, References: 5
Tenable Nessus
• added 2026/05/06 12:0 a.m. • 5 views

RHCOS 4 : OpenShift Container Platform 4.4.9 python-psutil (RHSA-2020:2583)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2583 advisory. - python-psutil: Double free because of refcount mishandling CVE-2019-18874 Note that Nessus has not tested for this issue but has instead...

7.5 CVSS, 5.8 AI score, 0.00176 EPSS
Exploits: 0, References: 5