57444 matches found
10xscale-agentflow-cli (=0.1.5), admin-api-lib (>=3.2.0 <=4.2.0) +477 more potentially affected by CVE-2026-42561 via python-multipart (>=0.0.10 <=0.0.26)
python-multipart PYPI version =0.0.10, =3.2.0, =0.8.2.4, =0.1.0, =1.0.202504142220, =0.1.0, =0.4.0, =0.1.0, =0.4.0, =0.1.0, =0.4.0, =1.6.21, =0.1.1, =0.1.5 and more Source cves: CVE-2026-42561 Source advisory: OSV:GHSA-PP6C-GR5W-3C5G...
10xscale-agentflow-cli (=0.1.5), admin-api-lib (>=3.2.0 <=4.2.0) +477 more potentially affected by CVE-2026-42561 via python-multipart (>=0.0.10 <=0.0.26)
python-multipart PYPI version =0.0.10, =3.2.0, =0.8.2.4, =0.1.0, =1.0.202504142220, =0.1.0, =0.4.0, =0.1.0, =0.4.0, =0.1.0, =0.4.0, =1.6.21, =0.1.1, =0.1.5 and more Source cves: CVE-2026-42561 Source advisory: SNYK:PYTHON-PYTHONMULTIPART-16438952...
Allocation of Resources Without Limits or Throttling
Overview: python-multipart is a streaming multipart parser for Python. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when parsing multipart headers in MultipartParser, which can hang without failing in the following states:...
python-multipart has Denial of Service via unbounded multipart part headers
Summary: python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individual part header. An attacker could send a request with either many...
GHSA-PP6C-GR5W-3C5G python-multipart has Denial of Service via unbounded multipart part headers
Summary: python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individual part header. An attacker could send a request with either many...
MAL-2026-3356 Malicious code in test-py-conn (PyPI)
Source: kam193 7e39e3b24f15db8e5eff412ba6cb217986b6f80b6923712abd1efee4cf79a7ed The code automatically starts a worker designed to survive the exit of the main process. The worker loads code from a PYC file which then connects to pre-define...
Malicious code in test-py-conn (PyPI)
Source: kam193 7e39e3b24f15db8e5eff412ba6cb217986b6f80b6923712abd1efee4cf79a7ed The code automatically starts a worker designed to survive the exit of the main process. The worker loads code from a PYC file which then connects to pre-define...
CLSA-2026-1773479178 python: Fix of CVE-2025-12084
CVE-2025-12084: fix quadratic algorithm when building nested XML elements with appendChild...
CLSA-2026-1773479849 python: Fix of CVE-2025-12084
CVE-2025-12084: fix quadratic algorithm when building nested XML elements with appendChild...
CLSA-2026-1778002331 python3: Fix of CVE-2026-4519
CVE-2026-4519: reject leading dashes in webbrowser URLs to prevent CLI option injection in pydoc/subprocess...
CLSA-2026-1778087756 python3: Fix of 2 CVEs
CVE-2026-4519: reject leading dashes in webbrowser URLs to block command-line option injection via webbrowser.open - CVE-2026-4786: validate the post-substitution URL in webbrowser UnixBrowser.open so that "%action" cannot smuggle a dash-prefixed flag past the CVE-2026-4519 dash-prefix check...
a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +139 more potentially affected by CVE-2026-33079 +1 more via mistune (>=3.0.0rc5 <=3.2.0)
mistune PYPI version =3.0.0rc5, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-33079, CVE-2026-33441 Source advisory: SNYK:PYTHON-MISTUNE-16438944...
[SECURITY] Fedora 43 Update: pyOpenSSL-26.1.0-1.fc43
High-level wrapper around a subset of the OpenSSL library, includes among others: SSL.Connection objects, wrapping the methods of Python's portable sockets; callbacks written in Python; extensive error-handling mechanism, mirroring OpenSSL's error codes...
pic-rucio (>=0.0.1 <=2024.10.3.71620) potentially affected by CVE-2026-29090 via rucio (=1.30.5)
rucio PYPI version =1.30.5 is affected by a known vulnerability. The following packages have a transitive dependency on rucio and may be impacted: - pic-rucio =0.0.1, =2024.10.3.71620 Source cves: CVE-2026-29090 Source advisory: SNYK:PYTHON-RUCIO-16635087...
ExploitMind
ExploitMind Overview ExploitMind is an en...
BIT-JAVA-MIN-2025-32414
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...
BIT-JAVA-2025-32414
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...
CVE-2026-7810
A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function createnotebook/readnotebook/editcell/addcell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...
SUSE-SU-2026:21568-1 Security update for python-pytest
This update for python-pytest fixes the following issue: - CVE-2025-71176: a TOCTOU race condition can cause a denial of service or possibly gain privileges (bsc#1257090)...
OPENSUSE-SU-2026:20692-1 Security update for python-pytest
This update for python-pytest fixes the following issue: - CVE-2025-71176: a TOCTOU race condition can cause a denial of service or possibly gain privileges (bsc#1257090)...