PT-2026-35816

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.0 Description Langflow is a tool for building and deploying AI-powered agents and workflows. A path traversal flaw exists in the Knowledge Bases API endpoint "DELETE /api/v1/knowledge bases" within the delete...

EDySec: A Deep Learning-Based Explainable Dynamic Analysis Framework for Detecting Malicious Packages in PyPI Ecosystem

The security of open-source software repositories is increasingly threatened by next-gen software supply chain attacks. These attacks include multiphase malware execution, remote access activation, and dynamic payload generation. Traditional Machine Learning ML detectors struggle to detect these...

OPENSUSE-SU-2026:10645-1 python311-pip-26.1-1.1 on GA media

These are all security issues fixed in the python311-pip-26.1-1.1 package on the GA media of openSUSE Tumbleweed...

Oracle Linux 8 : python3.11 (ELSA-2026-11062)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-11062 advisory. 3.11.13-7.0.1 - Update rpm-macros description Orabug: 36024572 3.11.13-7 - Security fixes for CVE-2026-4786, CVE-2026-6100 Resolves: RHEL-168129,...

OPENSUSE-SU-2026:10647-1 python310-3.10.20-6.1 on GA media

These are all security issues fixed in the python310-3.10.20-6.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10646-1 python311-pyOpenSSL-26.1.0-1.1 on GA media

These are all security issues fixed in the python311-pyOpenSSL-26.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

Fedora 44 : python-pydicom (2026-9eecdef4e0)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9eecdef4e0 advisory. Patch release for security advisory CVE-2026-32711. A crafted DICOMDIR could create a path traversal by setting ReferencedFileID to a path outside the File-s...

RockyLinux 9 : python3.9 (RLSA-2026:10949)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:10949 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

RockyLinux 9 : python3.11 (RLSA-2026:10774)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:10774 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

Fedora 44 : python3.12 (2026-bb0e94c26c)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-bb0e94c26c advisory. Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-6100, CVE-2026-2297, CVE-2026-3644, CVE-2026-4224 Tenable has extracted the preceding...

OPENSUSE-SU-2026:10648-1 python315-3.15.0~a8-3.1 on GA media

These are all security issues fixed in the python315-3.15.0a8-3.1 package on the GA media of openSUSE Tumbleweed...

Fedora 43 : python3.11 (2026-952616f3d6)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-952616f3d6 advisory. Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-6100, CVE-2026-2297, CVE 2026-3644, CVE-2026-4224 Tenable has extracted the preceding...

Windows Persistence via UserInitMprLogonScript Registry Key

This Python script demonstrates a Windows persistence technique based on modifying the HKCU\Environment\UserInitMprLogonScript registry value, which allows execution of a program each time the user logs in...

PT-2026-35827

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function get doc path of the file src/spire doc mcp/api/base.py. Performing a manipulation of the argument document name results in path traversal. The attack can be initiated remotely. The exploit is now public...

Oracle Linux 9 : python3.11 (ELSA-2026-10774)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-10774 advisory. 3.11.13-5.3.0.1 - Remove upstream URL reference Orabug: 36073032 3.11.13-5.3 - Security fixes for CVE-2026-4786, CVE-2026-6100 Resolves: RHEL-167913,...

PT-2026-35886

These are all security issues fixed in the python311-pyOpenSSL-26.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

Fedora 44 : python3.11 (2026-6e657e937a)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6e657e937a advisory. Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-6100, CVE-2026-2297, CVE 2026-3644, CVE-2026-4224 Tenable has extracted the preceding...

Exploit for Authentication Bypass by Spoofing in Python-Jwt_Project Python-Jwt

CVE-2022-39227 JWT Authentication Bypass Demo Project Goal...

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...