Malicious code in cryptolock (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b0140fddafadce54debaca7d9591e2770acd987aaf90ec7008b4ae4cf301c233 During installation, the code tamper with security settings and downloads and executes malicious executable. --- Category: MALICIOUS - The campaign has clearly...

MAL-2026-5089 Malicious code in cryptolock (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b0140fddafadce54debaca7d9591e2770acd987aaf90ec7008b4ae4cf301c233 During installation, the code tamper with security settings and downloads and executes malicious executable. --- Category: MALICIOUS - The campaign has clearly...

web-application-security-testing-tool

web-application-security-testing-tool A Python-based Web Appli...

MAL-2026-5086 Malicious code in polymarket-data (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a690aea77d0d48fae2a4f500f434cc5d4fb5cde042b7b902b0ee647b97921dc4 The package attempts to exfiltrate sensitive data related to cryptocurrencies and API keys, as well as establish persistence. Likely related to...

SUSE CVE-2026-48525

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

RockyLinux 9 : python3.14 (RLSA-2026:19176)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19176 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: CPython: Logging Bypass in Legacy .pyc File Handling...

Fedora 43 : python-urllib3 (2026-6dde06a6e9)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6dde06a6e9 advisory. Update to 2.7.0 rhbz2467787 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

GHSA-HVHP-V2GC-268Q PraisonAI has an Arbitrary File Write in Python API

Bug Report: Arbitrary File Write in Python API Summary Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. writefile skips path validation when workspace=None always None in production. Affected PraisonAI outputfile: /tmp/flag.txt...

GHSA-VG22-4GMJ-PRXW PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution

Summary The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain: 1. The example exposes an A2A server without configuring authtoken. 2. The same example binds the server to 0.0.0.0. 3. The example registers a calculateexpression tool...

GHSA-78R8-WWQV-R299 PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334

Arbitrary code execution via ungated spec.loader.execmodule in agentsgenerator.py v4.6.32 chokepoint refactor bypass Summary The v4.6.32 chokepoint refactor which patched CVE-2026-44334 / GHSA-xcmw-grxf-wjhj added the PRAISONAIALLOWLOCALTOOLS env-var gate to the tooloverride.py sinks. However, tw...

xss-tester-payloads-

XSS Lab Lokalne laboratorium do ręcznego testowania payload...

EUVD-2026-30803

amazon-redshift-python-driver vulnerable to Remote Code Execution via eval Injection...

python-gevent security update

An update is available for python-gevent. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list gevent is a coroutine-based Python networking library that uses greenle...

RLSA-2024:8834 Important: python-gevent security update

gevent is a coroutine-based Python networking library that uses greenlet to provide a high-level synchronous API on top of libevent event loop. Features include: convenient API around greenlets familiar synchronization primitives gevent.event, gevent.queue socket module that cooperates WSGI serve...

python-markdown security update

An update is available for python-markdown. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

RLSA-2026:19155 Important: python-markdown security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

python3.12 security update

An update is available for python3.12. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

python-jwcrypto security update

An update is available for python-jwcrypto. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

RLSA-2026:19064 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

RLSA-2026:19042 Low: python-jwcrypto security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...