Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

aana (>=0.2.1 <=0.2.2), ace-step (=0.1.0) +227 more potentially affected by CVE-2026-44513 +1 more via diffusers (>=0.10.2 <=0.37.1)

diffusers PYPI version =0.10.2, =0.2.1, =1.8.20, =1.9.0, =0.0.0, =0.2.2, =0.0.2, =0.0.0, =0.1.0, =0.6.37, =0.0.4, =0.1.0, =0.1.0, =0.5.0 and more Source cves: CVE-2026-44513, CVE-2026-44827 Source advisory: SNYK:PYTHON-DIFFUSERS-16439019...

adk-utils (=0.0.1), admyral (>=0.1.0 <=0.1.43) +95 more potentially affected by CVE-2026-44503 via microsoft-kiota-http (>=1.10.1 <=1.9.2)

microsoft-kiota-http PYPI version =1.10.1, =0.1.0, =0.2.9, =0.2.9, =0.2.9, =20221202.9.0, =0.2.0, =10.1.0, =3.0.1, =3.0.1, =0.1.1, =0.2.1, =0.1.0, =2.0.0 and more Source cves: CVE-2026-44503 Source advisory: SNYK:PYTHON-MICROSOFTKIOTAHTTP-16699940...

PT-2026-38900

These are all security issues fixed in the python311-Django-5.2.14-1.1 package on the GA media of openSUSE Tumbleweed...

python security update

2.6.6-68.0.6 - Fix CVE-2026-4519 Orabug: 39253111...

TencentOS Server 2: python (TSSA-2026:0281)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0281 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

Unity Linux 20.1050e / 20.1070e Security Update: python-waitress (UTSA-2026-016504)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016504 advisory. Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call...

RHEL 9 : python3.11 (RHSA-2026:14653)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14653 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

RHEL 9 : Satellite 6.18.5 Async Update (Important) (RHSA-2026:14835)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14835 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...

CVE-2026-44243

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...

MiracleLinux 9 : python-tornado-6.5.5-1.el9_7.1 (AXSA:2026-556:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-556:01 advisory. tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 tornado: Tornado: Cookie attribute injection due to improper...

RHEL 9 : python3.12 (RHSA-2026:14656)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14656 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

OPENSUSE-SU-2026:10718-1 python311-Django-5.2.14-1.1 on GA media

These are all security issues fixed in the python311-Django-5.2.14-1.1 package on the GA media of openSUSE Tumbleweed...

RHEL 9 : python3.11 (RHSA-2026:14652)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14652 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

MiracleLinux 8 : python3-3.6.8-76.el8_10.ML.1 (AXSA:2026-547:06)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-547:06 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

TencentOS Server 2: python3 (TSSA-2026:0282)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0282 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

open-notebook 安全漏洞

Open-Notebook is a privacy-oriented multi-model AI note-taking tool developed by Luis Novo. Version 1.8.3 of Open-Notebook contains a security vulnerability. This vulnerability stems from a lack of input validation, which may allow users to execute Python code and operating system commands on...

PT-2026-38418

Name of the Vulnerable Software and Affected Versions Open Notebook version 1.8.3 Description Insufficient user input sanitization allows an application user to perform Server-Side Template Injection SSTI, a flaw where an attacker can inject malicious templates into a server-side engine. This...