PT-2026-38527

These are all security issues fixed in the python311-jupyter-server-2.18.1-1.1 package on the GA media of openSUSE Tumbleweed...

RHCOS 4 : OpenShift Container Platform 4.7.0 (RHSA-2020:5634)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5634 advisory. - atomic-openshift: cross-namespace owner references can trigger deletions of valid children CVE-2019-3884 - kubernetes: Ceph RBD...

RHCOS 4 : OpenShift Container Platform 4.3.26 python-psutil (RHSA-2020:2635)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2635 advisory. - python-psutil: Double free because of refcount mishandling CVE-2019-18874 Note that Nessus has not tested for this issue but has instead...

python: Fix of CVE-2017-1000158

CVE-2017-1000158: fix integer overflow in PyStringDecodeEscape that could trigger a heap-based buffer overflow when decoding very large byte strings...

CLSA-2026-1777586657 python: Fix of CVE-2017-1000158

CVE-2017-1000158: fix integer overflow in PyStringDecodeEscape that could trigger a heap-based buffer overflow when decoding very large byte strings...

2adif (=0.1.0), 3robotics (=0.0.1) +1562 more potentially affected by CVE-2026-42304 via twisted (>=16.0.0 <=25.5.0)

twisted PYPI version =16.0.0, =0.0.12, =3.0.9, =3.0.0, =0.1.0, =23.12.0rc1, =0.10.0, =0.0.1, =0.4.0, =3.0.0, =0.1.4, =1.0.0, =1.0.2 - aha-scrapyd =1.3.0 and more Source cves: CVE-2026-42304 Source advisory: OSV:GHSA-GRGV-6HW6-V9G4...

GHSA-37W4-HWHX-4RC4 JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request

The allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab prior to 4.5.7. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This has security implications for deployments...

Exploit for Improper Authentication in Microsoft

CVE-2026-26128 !Examplehttps://github.com/jarnovandenbrink/...

MAL-2026-3347 Malicious code in gemini-analyzer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1c8996b17229185440fe7523f20f72ea848f3a001baa8946ca80fa6b5d3221ad The package is a RAT performing full exfiltration and executing remote commands through a custom RPC protocol over WebSockets, and eventually establishing a...

Important: Red Hat Security Advisory: updated RHEL-8 based Middleware Containers container images

Updated RHEL-8 based Middleware Containers container images are now available The RHEL-8 based Middleware Containers container images have been updated to address the following security advisory: RHSA-2026:11077 RHSA-2026:7667 RHSA-2026:8534 RHSA-2026:9745 see References Security Fixes: rsync:...

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +39 more potentially affected by CVE-2026-35192 via django (>=5.2.0 <=5.2.13)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2026-35192 Source advisory: SNYK:PYTHON-DJANGO-16425761...

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +39 more potentially affected by CVE-2026-6907 via django (>=5.2.0 <=5.2.13)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2026-6907 Source advisory: SNYK:PYTHON-DJANGO-16425745...

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +39 more potentially affected by CVE-2026-35192 via django (>=5.2.0 <=5.2.13)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2026-35192 Source advisory: OSV:PYSEC-2026-50...

MAL-2026-3341 Malicious code in runtime-probe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0253bd4b8dc52c1fc510a9355b9d4178b7e891c7fc0226537a8769dffcef6d89 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in runtime-probe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0253bd4b8dc52c1fc510a9355b9d4178b7e891c7fc0226537a8769dffcef6d89 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in runtime-readout (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 db23da97c424ee374983aaaa3b955d423abe32f91c024f372142dc234ae522d3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

tornado-python: Tornado: Denial of Service via large multipart bodies

A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...

RHSA-2026:13641 Red Hat Security Advisory: python-tornado security update

Bulletin has no description...