57682 matches found

OSV
added 2026/05/06 12:5 p.m., 2 views

RLSA-2026:13641 Moderate: python-tornado security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 5.4, AI score 7.3, EPSS 0.00028
Exploits: 0, References: 3
OSV
added 2026/05/06 10:37 a.m., 5 views

CLSA-2026-1777970333 python3: Fix of CVE-2021-3426

CVE-2021-3426: remove the pydoc getfile feature to prevent directory traversal...

CVSS 5.7, AI score 6.5, EPSS 0.00081
Exploits: 0, References: 1
IBM Security Bulletins
added 2026/05/06 10:19 a.m., 7 views

Security Bulletin: Vulnerability in MCP Python SDK bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.

Summary: IBM Fusion, IBM Fusion HCI and Content-Aware Storage include MCP Python SDK. The following vulnerability could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances. CVE-2025-66416. Vulnerability Details...

CVSS 8.1, AI score 7.2, EPSS 0.0004
Exploits: 0, Affected Software: 2
OSV
added 2026/05/06 10:5 a.m., 3 views

RHSA-2026:13692 Red Hat Security Advisory: python3.11 security update

Bulletin has no description...

CVSS 8.1, AI score 7.4, EPSS 0.00137
Exploits: 0, References: 20
OSV
added 2026/05/06 10:5 a.m., 3 views

RHSA-2026:13670 Red Hat Security Advisory: python-tornado security update

Bulletin has no description...

CVSS 5.4, AI score 5.7, EPSS 0.00028
Exploits: 0, References: 14
RedHat Linux
added 2026/05/06 6:40 a.m., 5 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

CVSS 7.5, AI score 6.6, EPSS 0.00014
Exploits: 1, References: 5
OSV
added 2026/05/06 6:2 a.m., 3 views

RLSA-2026:13670 Moderate: python-tornado security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 5.4, AI score 7.3, EPSS 0.00028
Exploits: 0, References: 3
GithubExploit
added 2026/05/06 5:48 a.m., 49 views

ex-kernel

EXPLOIT KERNEL LINUX Installation gu...

AI score 5.8
Exploits: 0
Fedora
added 2026/05/06 12:51 a.m., 4 views

[SECURITY] Fedora 44 Update: pyOpenSSL-26.1.0-1.fc44

High-level wrapper around a subset of the OpenSSL library, includes among others: SSL.Connection objects, wrapping the methods of Python's portable sockets; callbacks written in Python; extensive error-handling mechanism, mirroring OpenSSL's error codes...

AI score 5.8
Exploits: 0
CBLMariner
added 2026/05/06 12:10 a.m., 7 views

CVE-2026-41205 affecting package python-mako for versions less than 1.2.4-3

CVE-2026-41205 affecting package python-mako for versions less than 1.2.4-3. A patched version of the package is available...

CVSS 8.7, AI score 5.8, EPSS 0.00093
Exploits: 0
CBLMariner
added 2026/05/06 12:10 a.m., 6 views

CVE-2026-41066 affecting package python-lxml for versions less than 4.9.3-2

CVE-2026-41066 affecting package python-lxml for versions less than 4.9.3-2. A patched version of the package is available...

CVSS 7.5, AI score 5.8, EPSS 0.0006
Exploits: 1
Tenable Nessus
added 2026/05/06 12:0 a.m., 9 views

RHCOS 3 : OpenShift Container Platform 3.11.374 (RHSA-2021:0079)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0079 advisory. - golang.org/x/crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter CVE-2019-11840 - kubernetes: MITM using...

CVSS 6.5, AI score 7.2, EPSS 0.25265
Exploits: 3, References: 12
Positive Technologies
added 2026/05/06 12:0 a.m., 4 views

PT-2026-37836

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

CVSS 7.5, AI score 6.8, EPSS 0.00034
Exploits: 1, References: 4
OPENSUSE Linux
added 2026/05/06 12:0 a.m., 4 views

python311-social-auth-core-4.8.7-1.1 on GA media (moderate)

python311-social-auth-core-4.8.7-1.1 on GA media Announcement ID: openSUSE-SU-2026:10681-1 Rating: moderate Cross-References: CVE-2026-32597 CVSS scores: CVE-2026-32597 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2026-32597 SUSE : 8.7...

CVSS 8.7, AI score 6.7, EPSS 0.00014
Exploits: 1
Tenable Nessus
added 2026/05/06 12:0 a.m., 5 views

RHCOS 4 : OpenShift Container Platform 4.4.9 python-psutil (RHSA-2020:2583)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2583 advisory. - python-psutil: Double free because of refcount mishandling CVE-2019-18874 Note that Nessus has not tested for this issue but has instead...

CVSS 7.5, AI score 5.8, EPSS 0.00176
Exploits: 0, References: 5
Tenable Nessus
added 2026/05/06 12:0 a.m., 5 views

RHCOS 4 : OpenShift Container Platform 4.2.36 python-psutil (RHSA-2020:2593)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2593 advisory. - python-psutil: Double free because of refcount mishandling CVE-2019-18874 Note that Nessus has not tested for this issue but has instead...

CVSS 7.5, AI score 5.8, EPSS 0.00176
Exploits: 0, References: 5
Redos
added 2026/05/06 12:0 a.m., 2 views

ROS-20260506-73-0049

Vulnerability in python-cairosvg related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 7.5, AI score 5.8, EPSS 0.00039
Exploits: 2
Tenable Nessus
added 2026/05/06 12:0 a.m., 3 views

RockyLinux 10 : python-tornado (RLSA-2026:13641)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13641 advisory. tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 tornado: Tornado: Cookie attribute injection due to improper...

CVSS 8.7, AI score 5.8, EPSS 0.00028
Exploits: 0, References: 5
Redos
added 2026/05/06 12:0 a.m., 4 views

ROS-20260506-73-0046

Vulnerability in python-tornado related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 8.7, AI score 7.3, EPSS 0.00028
Exploits: 0
Redos
added 2026/05/06 12:0 a.m., 4 views

ROS-20260506-73-0047

Vulnerability in python-jwcrypto related to incorrect handling of highly compressed input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.3, AI score 5.8, EPSS 0.00105
Exploits: 1