57729 matches found
Fedora 44 : python3.9 (2026-85cf3694d8)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-85cf3694d8 advisory. Security fixes for CVE-2026-4786 and CVE-2026-6100. Tenable has extracted the preceding description block directly from the Fedora security advisory...
RHEL 6 : python-urllib3 (RHSA-2026:11722)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:11722 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...
Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3256 (ALAS-2026-3256)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3256 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation director...
Python-Multipart 0.0.22 - Path Traversal
Exploit Title: Python-Multipart 0.0.22 - Path Traversal Date: 2026-02-23 Exploit Author: cardosource Vendor Homepage: https://github.com/Kludex/python-multipart Software Link: https://pypi.org/project/python-multipart/ Version: 0.0.22 REQUIRED Tested on: Ubuntu / Python 3.13.5 / Docker as root fo...
CVE MCP Server 0.1.0
CVE MCP Server is a production-grade Model Context Protocol (MCP) server that turns Claude into a full-spectrum security analyst. Instead of juggling 15+ browser tabs across NVD, EPSS, CISA KEV, Shodan, VirusTotal, and GreyNoise, ask Claude one question and get correlated intelligence in seconds...
Fedora 45 : kryoptic / pyOpenSSL / python-cryptography / rust-asn1 / etc (2026-13a0c86ba1)
The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-13a0c86ba1 advisory. Update python-cryptography to 47.0.0. As a result, rust-asn1 is bumped to 0.24, and pyOpenSSL is bumped to 26.1. kryoptic is rebuilt with a patch to support...
Important: python3.11
Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output...
Important: python-jwcrypto
Issue Overview: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does...
MiracleLinux 9 : python3.9-3.9.25-3.el9_7.3 (AXSA:2026-513:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-513:04 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100) python: cpython: Python:...
Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1600)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1600 advisory. The import hook in CPython that handles legacy .pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code to read the .pyc files. sys.aud...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2026-1618)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1618 advisory. The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control...
Security update for python-jwcrypto (important)
openSUSE security update: security update for python-jwcrypto. Announcement ID: openSUSE-SU-2026:20644-1 Rating: important References: bsc1261802 Cross-References: CVE-2026-39373 CVSS scores: CVE-2026-39373 SUSE : 7.5...
Malicious code in rblx-http (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b0078ee9b9f6221ab242c9f2442f86670e320a5058c306590b5e5b458066e414 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-3191 Malicious code in rblx-https (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4b7d7435a6bcfd1a9437108a21af9ca6be7c60aa1e0c6e9e90a40ac43b26cf67 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in rblx-https (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4b7d7435a6bcfd1a9437108a21af9ca6be7c60aa1e0c6e9e90a40ac43b26cf67 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
exploit-db-skill
Exploit-DB Skill Cross-Platform Small cross-platform helper...
MAL-2026-3192 Malicious code in ro-db (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2bd23f786275f7f9939deab001c8b06daaba21ad7dcb861fd6bb9cdd2e3d830c During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
n8n has a Python Task Runner Sandbox Escape Vulnerability
Impact: An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue only affects instances where the Python Task Runner is enabled. Patches: The issue has...
GHSA-44V6-JHGM-P3M4 n8n has a Python Task Runner Sandbox Escape Vulnerability
Impact: An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue only affects instances where the Python Task Runner is enabled. Patches: The issue has...
aana (>=0.2.1 <=0.2.2.2), adaptive-kmpc-py (>=0.1.0 <=0.1.1) +1019 more potentially affected by CVE-2026-44484 via lightning (>=1.8.6 <=2.6.1)
lightning PYPI version =1.8.6, =0.2.1, =0.1.0, =2.0.0, =1.3.0, =0.2.0, =2025.4.0, =0.0.0, =0.1.11, =1.8.15, =1.8.17, =1.8.14, =0.1.16, =1.0.1rc1 and more Source cves: CVE-2026-44484 Source advisory: SNYK:PYTHON-LIGHTNING-16323121...