[SECURITY] Fedora 44 Update: python-pydicom-3.0.2-1.fc44

pydicom is a pure python package for working with DICOM files. It was made for inspecting and modifying DICOM data in an easy "pythonic" way. The modifications can be written again to a new file. pydicom is not a DICOM server, and is not primarily about viewing images. It is designed to let you...

[SECURITY] Fedora 44 Update: mingw-python3-3.11.15-2.fc44

MinGW Windows python3...

[SECURITY] Fedora 44 Update: python3.9-3.9.25-7.fc44

Python 3.9 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.9 package provides the "python3.9" executable: the...

Photon OS 5.0: Python3 PHSA-2026-5.0-0830

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0830. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

SUSE SLED15 / SLES15 Security Update : python-ecdsa (SUSE-SU-2026:1608-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1608-1 advisory. - CVE-2026-33936: issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the...

OPENSUSE-SU-2026:10616-1 python311-Mako-1.3.11-1.1 on GA media

These are all security issues fixed in the python311-Mako-1.3.11-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE SLES12 Security Update : python-pyOpenSSL (SUSE-SU-2026:1582-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1582-1 advisory. This update for python-pyOpenSSL fixes the following issue: - CVE-2026-27448: unhandled exception can result in connection not being cancelled...

Fedora 44 : python3.14 (2026-841a2250e4)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-841a2250e4 advisory. Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-5713, CVE-2026-6100 Tenable has extracted the preceding description block directly from th...

Fedora 44 : python-cairosvg (2026-448e26a9c8)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-448e26a9c8 advisory. Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c...

openSUSE 16 Security Update : python-Pillow (openSUSE-SU-2026:20617-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20617-1 advisory. This update for python-Pillow fixes the following issue: - CVE-2026-40192: Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed da...

Photon OS 4.0: Python3 PHSA-2026-4.0-1003

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1003. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Fedora 44 : python-pillow (2026-334e385bd4)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-334e385bd4 advisory. Fix CVE-2026-40192. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for thi...

Malicious code in elementary-data (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 96dc65f67f54411d3de6b23a33a8f73665e2703d7261b7f1720cdc089c528eea Versions 0.23.3 were compromised. A threat actor exploited a vulnerability in the CI workflows to inject code and establish, likely, a reverse shell in the CI...

MAL-2026-3083 Malicious code in elementary-data (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 96dc65f67f54411d3de6b23a33a8f73665e2703d7261b7f1720cdc089c528eea Versions 0.23.3 were compromised. A threat actor exploited a vulnerability in the CI workflows to inject code and establish, likely, a reverse shell in the CI...

a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +1329 more potentially affected by CVE-2026-41481 via langchain-text-splitters (>=0.0.1 <=1.1.1)

langchain-text-splitters PYPI version =0.0.1, =0.1.0, =0.1.3, =0.1.0, =0.1.0b0, =0.0.1, =4.8.2, =0.0.1a1, =0.1.3, =0.1.0, =0.1.0, =1.0.0rc1, =2.6.1 and more Source cves: CVE-2026-41481 Source advisory: OSV:PYSEC-2026-77...

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +231 more potentially affected by CVE-2026-41425 via authlib (>=0.10.0 <=1.6.10)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-41425 Source advisory: OSV:PYSEC-2026-25...

DEBIAN-CVE-2026-41425

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...

CVE-2026-41425

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...

UBUNTU-CVE-2026-41425

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...

Malicious code in swampo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7b8e193e75e6ca7d387f21b53c251e6ee8791d9ec4ca3f37099e765415d36157 Multi-stage dropper. The "analytics" functionality fetches fake updates information that should contain the next URL. From it, a yet another URL is downloaded,...