Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-cryptography (UTSA-2026-017476)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017476 advisory. In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow a...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-jinja2 (UTSA-2026-017474)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017474 advisory. This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre regex operator and its use of multiple...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-psutil (UTSA-2026-017488)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017488 advisory. psutil aka python-psutil through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into ...

FlashAttention 安全漏洞

FlashAttention is an efficient and memory-efficient attention mechanism implementation tool open-sourced by Dao AI Lab. There is a security vulnerability in FlashAttention; this vulnerability stems from the training script registering the Python eval function as a Hydra configuration parser, whic...

PT-2026-39742

CVE-2026-20352 iOS 26.3-Research A Public Open-Source research framework with .py and .sh files created for analyzing iOS 26.3 security mechanisms. This project is designed to be advanced through the collective in... https://t.co/5O6AR6f6H7...

OverrideFuzz: Semantic-Aware Grammar Fuzzing for Script-Runtime Vulnerabilities

Script-language runtimes such as Python, Lua, and JavaScript are widely deployed in security sensitive contexts, yet they remain difficult to test because valid inputs must satisfy syntax, dynamic type constraints, and object-level semantics. Existing grammar and reflection-based fuzzers improve...

Malicious code in web3-py-checksum (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4b2052172f5c854b2e91f6bdc9336a97469cd161372621a1880d9cd1e3ad426a The code silently exfiltrates the private key of a crypto account. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

[SECURITY] Fedora 44 Update: python-requests-2.33.1-1.fc44

Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python=E2=80=99s built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers...

aoh (>=1.0.1 <=1.1.0), beratools (=0.2.2) +25 more potentially affected by CVE-2026-8212 via gdal (>=3.0.1 <=3.12.1)

gdal PYPI version =3.0.1, =1.0.1, =0.1.1, =0.0.7, =2.0.1, =0.4.0, =0.2.92, =0.9.2, =0.10.3, =0.4.5, =2.6.0, =2.7.0 - hyp3lib =4.0.1 and more Source cves: CVE-2026-8212 Source advisory: SNYK:PYTHON-GDAL-16624512...

Fedora 44 : python-pulp-glue / python-requests (2026-44919b3d9f)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-44919b3d9f advisory. 2.33.1 2026-03-30 ------------------- Bugfixes - Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. - Fixed...

SUSE SLED15 / SLES15 Security Update : python-pytest (SUSE-SU-2026:1744-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1744-1 advisory. This update for python-pytest fixes the following issue - CVE-2025-71176: a TOCTOU race condition can cause a denial of...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python3 (SUSE-SU-2026:1715-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1715-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined...

openSUSE 16 Security Update : python-pytest (openSUSE-SU-2026:20692-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20692-1 advisory. This update for python-pytest fixes the following issue: - CVE-2025-71176: a TOCTOU race condition can cause a denial of service or possibly gain...

ViperForge

...

MAL-2026-3406 Malicious code in ggfmttygl-new (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2098233a75602dd1779f720f566420f4a88ec77694b206e7858323b5aeea38d5 Package is disguised as a utility, but in fact loads encrypted code as modules. However, loading it requires knowing the decryption key which is not included i...

Malicious code in ggfmttygl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e741cc1df48cc526ad3a27ac702f5dea403723557b4a485f84847340310d66e5 Package is disguised as a utility, but in fact loads encrypted code as modules. However, loading it requires knowing the decryption key which is not included i...

MAL-2026-3401 Malicious code in bttcli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ce4d4558612dd659843989e690b64a3c4073d5a4b34217c2e89a5325835da685 During installation or import, package silently adds a new authorized SSH key. It's closely related to the 2026-05-ninja-core-utils campaign, but there is no...

Malicious code in bttcli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ce4d4558612dd659843989e690b64a3c4073d5a4b34217c2e89a5325835da685 During installation or import, package silently adds a new authorized SSH key. It's closely related to the 2026-05-ninja-core-utils campaign, but there is no...

Malicious code in python-bittensor-config-v2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6f2ecdbc9e024d6dc51c8e5d48941c5aac432db65ad733317aed159d480973cd During installation or import, package silently adds a new authorized SSH key. It's closely related to the 2026-05-ninja-core-utils campaign, but there is no...

MAL-2026-3402 Malicious code in python-bittensor-config-v2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6f2ecdbc9e024d6dc51c8e5d48941c5aac432db65ad733317aed159d480973cd During installation or import, package silently adds a new authorized SSH key. It's closely related to the 2026-05-ninja-core-utils campaign, but there is no...