Netsweeper <=6.4.3 - Python Code Injection

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters. id: CVE-2020-13167 info: name: Netsweeper =6.4.4 to mitiga...

Exploit for Code Injection in Xwiki

CVE-2025-24893 Exploit de Execução Remota de Código RCE no X...

RockyLinux 10 : python-markdown (RLSA-2026:19155)

The remote RockyLinux 10 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:19155 advisory. python-markdown: denial of service via malformed HTML-like sequences CVE-2025-69534 Tenable has extracted the preceding description block directly from the...

SUSE SLED15 / SLES15 Security Update : python-urllib3_1 (SUSE-SU-2026:2067-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2067-1 advisory. This update for python-urllib31 fixes the following issue - CVE-2026-44431: sensitive information disclosure due to...

Security update for python-Pillow (important)

openSUSE security update: security update for python-pillow ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20831-1 Rating: important References: bsc1265153 bsc1265154 bsc1265359 Cross-References: CVE-2026-42308 CVE-2026-42309 CVE-2026-42310 CVSS...

OPENSUSE-SU-2026:10900-1 python311-dulwich-1.2.5-1.1 on GA media

These are all security issues fixed in the python311-dulwich-1.2.5-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE SLES12 Security Update : python-urllib3 (SUSE-SU-2026:2065-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2065-1 advisory. This update for python-urllib3 fixes the following issue - CVE-2026-44431: sensitive information disclosure due to sensitive headers being...

RockyLinux 10 : python3.14 (RLSA-2026:19019)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19019 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: CPython: Logging Bypass in Legacy .pyc File Handling...

Linux Distros Unpatched Vulnerability : CVE-2026-48526

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC...

RockyLinux 8 : python-gevent (RLSA-2024:8834)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:8834 advisory. python-gevent: privilege escalation via a crafted script to the WSGIServer component CVE-2023-41419 Tenable has extracted the preceding description block directly...

Security update for python-pytest-html (important)

openSUSE security update: security update for python-pytest-html ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20839-1 Rating: important References: bsc1266254 Cross-References: CVE-2026-9277 CVSS scores: CVE-2026-9277 SUSE : 8.1...

Security update for python-mistune (important)

openSUSE security update: security update for python-mistune ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20827-1 Rating: important References: bsc1264347 bsc1264750 bsc1264751 bsc1264752 bsc1264754 bsc1265052 bsc1265053 Cross-References:...

PT-2026-45056

Bug Report: Arbitrary File Write in Python API Summary Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. write file skips path validation when workspace=None always None in production. Affected PraisonAI output file: /tmp/flag.txt output...

Linux Distros Unpatched Vulnerability : CVE-2026-48155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory...

Linux Distros Unpatched Vulnerability : CVE-2026-8643

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leadin...

MAL-2026-4861 Malicious code in lib-1779997093-yjeeqn (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 adfe3f8b85f731f407f8da6669a76b821b042e4ea1f2fd8fcfddf3293c2ca697 During installation, the package opens a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

MAL-2026-4862 Malicious code in veloxml-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 57a2b332595fb95752df25e794528ff2dd610bf3977b8d4abd7574cb0f21cdff The package advertises fake functionality and exfiltrates the given email and basic information about the host when used. --- Category: MALICIOUS - The campaig...

CVE-2026-32847 DeepCode 1.2.0 Path Traversal via SPA Catch-All Route in main.py

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...

MAL-2026-4859 Malicious code in telethon-pro-safe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8bc2e515c2eb7bf73ea5d532cfb6701dcaf3dd95e9d8248ee3d426b1d0c1ed8c During installation, package executes obfuscated code that starts a RAT-like software allowing remote control and exfiltrating sensitive data. --- Category:...

CVE-2026-45348

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to...