SUSE-SU-2026:21619-1 Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issue - CVE-2026-40475: improper input handling of null bytes can lead to silent data truncation and security-state inconsistency bsc1262803...

SUSE-SU-2026:21617-1 Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issue...

OESA-2026-2276 python-python-multipart security update

A streaming multipart parser for Python Security Fixes: Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded...

OESA-2026-2270 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

OESA-2026-2269 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

OESA-2026-2220 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads wi...

OESA-2026-2199 python-dotenv security update

Python-dotenv reads key-value pairs from a .env file and can set them as environment variables. It helps in the development of applications following the 12-factor principles. Security Fixes: python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to...

OESA-2026-2198 python-dotenv security update

Python-dotenv reads key-value pairs from a .env file and can set them as environment variables. It helps in the development of applications following the 12-factor principles. Security Fixes: python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to...

CoreExploit-Final

CoreExploit 🔐 Ethical Penetration Testing Learning Platfor...

CVE-2026-42308

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0...

UBUNTU-CVE-2026-42311

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0...

EUVD-2026-28902

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

CVE-2026-42310

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

CVE-2026-42309

Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursive...

CVE-2026-42301 Improper Input Validation leading to Improper Control of Generation of Code ('Code Injection') in pyp2spec

pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, s...

EUVD-2026-28896

pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, s...

a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +139 more potentially affected by CVE-2026-44897 via mistune (>=3.0.0rc5 <=3.2.0)

mistune PYPI version =3.0.0rc5, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44897 Source advisory: SNYK:PYTHON-MISTUNE-16624520...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-017334)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017334 advisory. PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be...

Unity Linux 20.1070e Security Update: future (UTSA-2026-017344)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017344 advisory. An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious we...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-017340)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017340 advisory. Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. Tenable has extracted the preceding description block...