Security update for python-urllib3_1 (important)

openSUSE security update: security update for python-urllib31 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20871-1 Rating: important References: bsc1265267 Cross-References: CVE-2026-44431 CVSS scores: CVE-2026-44431 SUSE : 7.5...

RockyLinux 10 : python-jwcrypto (RLSA-2026:19042)

The remote RockyLinux 10 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:19042 advisory. JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens CVE-2026-39373 Tenable has extracted the preceding...

RockyLinux 10 : python3.12 (RLSA-2026:19064)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19064 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

CVE-2026-49136

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generateimage function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete...

CVE-2026-45136

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

MAL-2026-5167 Malicious code in jules-test-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 30c3ca1fa1b7237661d28aada477f7316b7e696a55e2c92c4dee200f291140f4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

web-vulnerability-scanner_project

web-vulnerability-scannerprojec...

Twisted - Open Redirect & XSS

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. This template tests for an open redirect and XSS vulnerability in the URL parameter...

Security update for python-Twisted

This update for python-Twisted fixes the following issue CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265. Patch Instructions: To install this SUSE update use the SUSE...

SUSE-SU-2026:2219-1 Security update for python-Twisted

This update for python-Twisted fixes the following issue - CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265...

Security update for python3-Twisted

This update for python3-Twisted fixes the following issue CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265. Patch Instructions: To install this SUSE update use the SUSE...

MAL-2026-5151 Malicious code in parsimonius (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a5ab85a46a37da928774b1885049b71d40d675c54683b13711f4e371d932394a Clone of a legitimate package with an added RAT running through a Telegram bot. It can e.g. exfiltrate env variables and execute remote commands. The malicious...

CVE-2026-42304 affecting package python-twisted for versions less than 22.10.0-5

CVE-2026-42304 affecting package python-twisted for versions less than 22.10.0-5. A patched version of the package is available...

angr 9.2.220

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

PT-2026-45972

These are all security issues fixed in the python311-pip-26.1.2-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10940-1 python311-pip-26.1.2-1.1 on GA media

These are all security issues fixed in the python311-pip-26.1.2-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE SLES16 Security Update : python-mistune (SUSE-SU-2026:21858-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21858-1 advisory. This update for python-mistune fixes the following issues - CVE-2026-33079: ReDoS in LINKTITLERE can lead to denial of service via...

openSUSE 16 Security Update : python-python-multipart (openSUSE-SU-2026:20846-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20846-1 advisory. This update for python-python-multipart fixes the following issues - CVE-2026-40347: crafted multipart/form-data can cause a denial of service...

SUSE SLES16 Security Update : python-Pillow (SUSE-SU-2026:21861-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21861-1 advisory. This update for python-Pillow fixes the following issues - CVE-2026-42308: integer overflow in font processing can lead to denial ...

MAL-2026-5123 Malicious code in imgmatrix-analysis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2a9f964e4264c7bcc91047fdfb9966b1ae807e1e60fafa559d5543ed6e3dc83e During import, the package executes remote commands sourced from a Google Sheet. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...