Important: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

EUVD-2026-25857

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

CVE-2026-6980

A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repopath of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been...

SUSE-SU-2026:21447-1 Security update for python311

This update for python311 fixes the following issue: - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed bsc1261970...

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

RHSA-2026:10745 Red Hat Security Advisory: python3.12 security update

Bulletin has no description...

RHSA-2026:10711 Red Hat Security Advisory: python3.12 security update

Bulletin has no description...

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

Sentinal-ai

Sentinal-ai Free, offline...

Malicious code in bytedaaa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fedb317c49dbeddcfa00503c821197919801ee034dd6713e6a1c45ea68ebd7dc Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-3085 Malicious code in bytedaaa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fedb317c49dbeddcfa00503c821197919801ee034dd6713e6a1c45ea68ebd7dc Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedecs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 33034832d7823023eca4d7640030b040b26d4d5274e222bf294b7cf0be28430c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-3090 Malicious code in bytedecs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 33034832d7823023eca4d7640030b040b26d4d5274e222bf294b7cf0be28430c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedark (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b1b29d53129e34fa2f09eacd9218f1bf87711e4a88587ee9c5f4453cfb6974ac Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...