CVE-2026-41900 OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution RCE vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in...

Oracle Linux 6 : python (ELSA-2026-10102)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-10102 advisory. 2.6.6-68.0.6 - Fix CVE-2026-4519 Orabug: 39253111 Tenable has extracted the preceding description block directly from the Oracle Linux security...

PT-2026-38857

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

Apache mod_http2 Double-Free Detector

This is a python script that assist with detecting whether or not a server is vulnerable to the Apache modhttp2 double-free vulnerability...

Security update for python-pytest (moderate)

openSUSE security update: security update for python-pytest ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20692-1 Rating: moderate References: bsc1257090 Cross-References: CVE-2025-71176 Affected Products: openSUSE Leap 16.0...

aoh (>=1.0.1 <=1.1.0), beratools (=0.2.2) +25 more potentially affected by CVE-2026-8084 via gdal (>=3.0.1 <=3.12.1)

gdal PYPI version =3.0.1, =1.0.1, =0.1.1, =0.0.7, =2.0.1, =0.4.0, =0.2.92, =0.9.2, =0.10.3, =0.4.5, =2.6.0, =2.7.0 - hyp3lib =4.0.1 and more Source cves: CVE-2026-8084 Source advisory: SNYK:PYTHON-GDAL-16535530...

aoh (>=1.0.1 <=1.1.0), beratools (=0.2.2) +25 more potentially affected by CVE-2026-8087 via gdal (>=3.0.1 <=3.12.1)

gdal PYPI version =3.0.1, =1.0.1, =0.1.1, =0.0.7, =2.0.1, =0.4.0, =0.2.92, =0.9.2, =0.10.3, =0.4.5, =2.6.0, =2.7.0 - hyp3lib =4.0.1 and more Source cves: CVE-2026-8087 Source advisory: SNYK:PYTHON-GDAL-16535524...

When prompts become shells: RCE vulnerabilities in AI agent frameworks

In this article 1. A representative case study: Semantic Kernel 2. CVE-2026-26030: In-Memory Vector Store 3. CVE-2026-25592: Arbitrary file write through SessionsPythonPlugin 4. The vulnerability 5. Attack chain overview 6. Defending the agentic edge 7. Not bugs, but developed by design 8. CTF...

When prompts become shells: RCE vulnerabilities in AI agent frameworks

In this article 1. A representative case study: Semantic Kernel 2. CVE-2026-26030: In-Memory Vector Store 3. CVE-2026-25592: Arbitrary file write through SessionsPythonPlugin 4. The vulnerability 5. Attack chain overview 6. Defending the agentic edge 7. Not bugs, but developed by design 8. CTF...

MAL-2026-3371 Malicious code in pycacheopt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cf50eae305079227b5283e08547cc201f941624c95e49460c3e6544cdd1e221b The extension module hides code that in specific circumstances executes given code. The malicious action is hidden only in the extension module with the...

GHSA-JP4C-XJXW-MGF9 vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter, pypy-3.10, kubeflow-katib, datadog-agent, py3-pip...

CVE-2026-6357 vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter, pypy-3.10, kubeflow-katib, datadog-agent, py3-pip...

MAL-2026-3370 Malicious code in sufiagent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f2cfd59dcec981250aeaf0633059cfd0af4d5dac6c87a1d54b9e13ce70957858 Designed to run on Android. Under the mask of an AI agent, the code downloads a remote executable on import, and during usage, silently exfiltrates data like...

MAL-2026-3367 Malicious code in crayrandomiz (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 70d147758fe5288bee2adc712e45b7836211b83ce0b209fd42a31e4b3696bbf2 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

CVE-2026-42215 GitPython: Command injection via Git options bypass

GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

Important: Red Hat Security Advisory: Satellite 6.16.8 Async Update

An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Malicious code in yc-depconf-test-807dff (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fe18d1e58fe7fbcd1a68dc26d47c9fa27f9678cf4bc50e3aa4ad35b16d0f85ce Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...