
57682 matches found

Tenable Nessus
added 2026/04/29 12:0 a.m. | 2 views

RockyLinux 8 : python3.11 (RLSA-2026:11062)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:11062 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

CVSS 9.1 | AI score 6.2 | EPSS 0.00137
Exploits: 0 | References: 5

Tenable Nessus
added 2026/04/29 12:0 a.m. | 1 view

AlmaLinux 8 : python3.11 (ALSA-2026:11062)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:11062 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

CVSS 9.1 | AI score 6.2 | EPSS 0.00137
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/29 12:0 a.m. | 4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: python3 (UTSA-2026-015069)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015069 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with...

CVSS 7.5 | AI score 6.8 | EPSS 0.01007
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/29 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-42284

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.47, clone validates multioptions as the original list, then executes...

CVSS 9.8 | AI score 7.2 | EPSS 0.00021
Exploits: 1 | References: 3

Tenable Nessus
added 2026/04/29 12:0 a.m. | 6 views

AlmaLinux 8 : python3.12 (ALSA-2026:10950)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:10950 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

CVSS 9.1 | AI score 7 | EPSS 0.00205
Exploits: 1 | References: 13

OSV
added 2026/04/29 12:0 a.m. | 1 view

OPENSUSE-SU-2026:10658-1 python311-pypdf-6.10.2-2.1 on GA media

These are all security issues fixed in the python311-pypdf-6.10.2-2.1 package on the GA media of openSUSE Tumbleweed...

CVSS 6.9 | AI score 5.2 | EPSS 0.00052
Exploits: 0 | References: 2

Tenable Nessus
added 2026/04/29 12:0 a.m. | 2 views

AlmaLinux 8 : python3 (ALSA-2026:11077)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:11077 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

CVSS 9.1 | AI score 6.2 | EPSS 0.00137
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/29 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-42215

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitPython is a Python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such ...

CVSS 8.8 | AI score 7.4 | EPSS 0.0003
Exploits: 1 | References: 3

OSV
added 2026/04/28 10:0 p.m. | 1 view

MAL-2026-3137 Malicious code in core-roblox-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 51e9fdba29b05ebf3bb0fb66dcf05dd021562b52449128a930f28ff073b4e1d7 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score 5.8
Exploits: 0 | References: 9

OSSF Malicious Packages
added 2026/04/28 10:0 p.m. | 5 views

Malicious code in core-roblox-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 51e9fdba29b05ebf3bb0fb66dcf05dd021562b52449128a930f28ff073b4e1d7 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score 5.7
Exploits: 0 | References: 9

OSSF Malicious Packages
added 2026/04/28 9:54 p.m. | 6 views

Malicious code in robase-start (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 827cc431e55560fd4944d6b7fa6c47e6adb5027a75fe949642630843b0c8702e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score 5.7
Exploits: 0 | References: 9

CVE
added 2026/04/28 9:0 p.m. | 5 views

CVE-2026-7319

CVE-2026-7319 affects elinsky execution-system-mcp 0.1.0. The vulnerability is in the function _get_context_file_path (src/execution_system_mcp/server.py, add_action Tool), where improper handling of the context argument enables path traversal. Attack can be initiated remotely; the exploit has be...

CVSS 7.5 | AI score 7.1 | EPSS 0.0015
Exploits: 0 | References: 5

Cvelist
added 2026/04/28 8:15 p.m. | 26 views

CVE-2026-7316 eiliyaabedini aider-mcp code_with_ai aider_mcp.py command injection

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The manipulation of the argument working_dir/editable_files leads to command injection. The attack may be...

CVSS 7.5 | EPSS 0.0212
Exploits: 0 | References: 5

CVE
added 2026/04/28 8:15 p.m. | 6 views

CVE-2026-7316

CVE-2026-7316 affects the eiliyaabedini aider-mcp project (up to commit 667b914301aada695aab0e46d1fb3a7d5e32c8af), specifically the code_with_ai component and the aider_mcp.py file. The vulnerability arises from manipulation of the working_dir/editable_files argument, enabling a command injection...

CVSS 7.5 | AI score 7 | EPSS 0.0212
Exploits: 0 | References: 5

OSV
added 2026/04/28 7:27 p.m. | 4 views

USN-8198-2 python-tornado vulnerabilities

USN-8198-1 fixed vulnerabilities in Tornado. This update provides the corresponding updates for Ubuntu 26.04 LTS. Original advisory details: It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of...

CVSS 8.7 | AI score 8.7 | EPSS 0.00028
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/28 6:9 p.m. | 0 views

CVE-2026-41391

OpenClaw before 2026.3.31 fails to properly sanitize PIP_INDEX_URL and UV_INDEX_URL environment variables in host execution contexts, allowing attackers to redirect Python package-index traffic. Attackers can exploit this bypass to intercept or manipulate package management operations by injecting...

CVSS 5.8 | AI score 5.5 | EPSS 0.00018
Exploits: 0 | References: 4

CVE
added 2026/04/28 6:9 p.m. | 6 views

CVE-2026-41391

CVE-2026-41391 affects the OpenClaw project. OpenClaw before 2026.3.31 fails to sanitize PIP_INDEX_URL and UV_INDEX_URL in host execution contexts, enabling attackers to redirect Python package-index traffic by injecting malicious index URLs through unsanitized environment variables. The issue is...

CVSS 6.1 | AI score 5.5 | EPSS 0.00018
Exploits: 0 | References: 3 | Affected Software: 1

SUSE Linux
added 2026/04/28 6:3 p.m. | 2 views

Security update for python-requests

This update for python-requests fixes the following issues: CVE-2026-25645: extract_zipped_paths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589). Patch Instructions: To install this SUSE update use the SUSE...

CVSS 6.8 | AI score 4.5 | EPSS 0.00005
Exploits: 0 | References: 4

OSV
added 2026/04/28 6:3 p.m. | 1 view

SUSE-SU-2026:1647-1 Security update for python-requests

This update for python-requests fixes the following issues: - CVE-2026-25645: extract_zipped_paths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589)...

CVSS 5.5 | AI score 4.5 | EPSS 0.00005
Exploits: 0 | References: 3

OSSF Malicious Packages
added 2026/04/28 5:24 p.m. | 6 views

Malicious code in kcvlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4a441a8e0abdd54964ca9e0a5e3a1d0e0c0435f05d80ab9e9210e10194a16f3d During import, the package downloads and executes obfuscated code. It appears to be an infostealer framework --- Category: MALICIOUS - The campaign has clearly...

AI score 5.4
Exploits: 0 | References: 2