
57778 matches found

OSV
added 2026/04/22 7:22 a.m., 3 views

SUSE-SU-2026:1544-1 Security update for python-python-multipart

This update for python-python-multipart fixes the following issue: - CVE-2026-40347: crafted multipart/form-data can cause a denial of service bsc1262403...

CVSS 5.3 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 3

The Hacker News
added 2026/04/22 7:16 a.m., 7 views

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium allows arbitrary code...

CVSS 9.3 | AI score 6.5 | EPSS 0.00026
Exploits: 0

RedHat Linux
added 2026/04/22 7:12 a.m., 3 views

Important: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...

CVSS 7 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 2

RedHat Linux
added 2026/04/22 7:12 a.m., 3 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

CVSS 7 | AI score 6 | EPSS 0.00015
Exploits: 0 | References: 7

RedHat Linux
added 2026/04/22 7:9 a.m., 3 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

CVSS 7 | AI score 6 | EPSS 0.00015
Exploits: 0 | References: 7

RedHat Linux
added 2026/04/22 7:9 a.m., 15 views

Important: Red Hat Security Advisory: python security update

An update for python is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 7 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 2

RedHat Linux
added 2026/04/22 6:9 a.m., 2 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

CVSS 7 | AI score 6 | EPSS 0.00015
Exploits: 0 | References: 7

RedHat Linux
added 2026/04/22 6:9 a.m., 3 views

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

CVSS 7 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 2

OPENSUSE Linux
added 2026/04/22 12:0 a.m., 5 views

Security update for python-PyPDF2 (moderate)

openSUSE security update: security update for python-pypdf2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20598-1 Rating: moderate References: bsc1262284 Cross-References: CVE-2026-40260 Affected Products: openSUSE Leap 16.0...

CVSS 6.9 | AI score 5.7 | EPSS 0.00019
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/22 12:0 a.m., 6 views

SUSE SLES15 Security Update : python (SUSE-SU-2026:1503-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1503-1 advisory. This update for python fixes the following issue: - CVE-2026-3446: Base64 decoding stops at first padded quad by default bsc1261970. Tenable has...

CVSS 6 | AI score 5.9 | EPSS 0.00029
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/22 12:0 a.m., 6 views

SUSE SLES15 Security Update : python311 (SUSE-SU-2026:1530-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1530-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. - CVE-2026-3479...

CVSS 9.8 | AI score 5.9 | EPSS 0.00057
Exploits: 0 | References: 16

Tenable Nessus
added 2026/04/22 12:0 a.m., 1 view

RHEL 9 : python3.11 (RHSA-2026:9705)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:9705 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS 7 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/22 12:0 a.m., 1 view

PT-2026-34527

Summary The extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.data filter is unavailable. Considering only Python versions which are still supported by Poetry, these are 3.10.0 - 3.10.12 and 3.11.0...

CVSS 2.3 | AI score 5.9
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/22 12:0 a.m., 2 views

RHEL 7 : python3 (RHSA-2026:9745)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:9745 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS 7 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/22 12:0 a.m., 4 views

RHEL 8 : python3.11 (RHSA-2026:9591)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:9591 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS 7 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 4

CNNVD
added 2026/04/22 12:0 a.m., 4 views

Red Hat Enterprise Linux AI Security Vulnerability

Red Hat Enterprise Linux AI is a Linux distribution created by the American company Red Hat for generative AI. Red Hat Enterprise Linux AI RHEL AI 3 has a security vulnerability. This vulnerability stems from the linuxtrain.py script, which loads models from HuggingFace by hardcoding...

CVSS 8.8 | AI score 6.2 | EPSS 0.00141
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/22 12:0 a.m., 1 view

PT-2026-34538

Name of the Vulnerable Software and Affected Versions Poetry versions prior to 2.3.4 Description The extractall function in src/poetry/utils/helpers.py extracts sdist tarballs without path traversal protection on Python versions where tarfile.data filter is unavailable. This occurs specifically o...

CVSS 5 | AI score 5.9 | EPSS 0.0009
Exploits: 0 | References: 19

Tenable Nessus
added 2026/04/22 12:0 a.m., 3 views

RHEL 7 : python (RHSA-2026:9614)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:9614 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS 7 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/22 12:0 a.m., 1 view

RHEL 8 : python3 (RHSA-2026:9621)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:9621 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS 7 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 4

Packet Storm News
added 2026/04/22 12:0 a.m., 3 views

DNG File Generator with Malformed Metadata

This Python script generates a custom DNG Digital Negative image file by manually constructing TIFF/DNG structures, including headers, Image File Directories IFDs, and metadata tags...

AI score 5.8
Exploits: 0