ROS-20260417-73-0020
A vulnerability in the ContentStream.readInlineImage function of the PyPDF2 PDF processing library is related to incorrect implementation of the loop exit condition. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service using a specially crafted PDF fil...
ROS-20260417-73-0017
Vulnerability in python-PyPDF2 related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260417-73-0021
Vulnerability in python-PyPDF2 related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260417-73-0014
Vulnerability in python-PyPDF2 related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
FreeBSD : Python -- use-after-free vulnerability in decompressors under memory pressure (b8e9f33c-375d-11f1-a119-e36228bfe7d4)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b8e9f33c-375d-11f1-a119-e36228bfe7d4 advisory. Seth Larson reports: There is a CRITICAL severity vulnerability affecting CPython. Use-after-free UAF w...
ROS-20260417-73-0029
Vulnerability in python-authlib related to information disclosure through inconsistency. Exploitation of the vulnerability may allow an attacker acting remotely to gain unauthorized access to protected information...
ROS-20260417-73-0023
Vulnerability in python-PyPDF2 related to excessive iteration. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260417-73-0016
Vulnerability in python-PyPDF2 related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Fedora 45 : python3.12 (2026-2dfcf9d705)
The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2dfcf9d705 advisory. Automatic update for python3.12-3.12.13-3.fc45. Changelog Thu Apr 16 2026 Charalampos Stratakis - 3.12.13-3 - Security fixes for CVE-2026-1502,...
Oracle Linux 7 : python3 (ELSA-2026-6464)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6464 advisory. - Security update CVE-2025-15366, CVE-2025-15367, CVE-2026-1299 Orabug: 39159999 - Security update CVE-2025-12084 Orabug: 38971895 - tarfile now...
GLPI 10.0.18 Log Exposure Probe Script Directory Leak Detection
This Python script is designed to assess a GLPI application for potential information disclosure vulnerabilities, specifically focusing on exposed log files and sensitive directories...
Oracle Linux 7 : python (ELSA-2026-5393)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-5393 advisory. - Fix for CVE-2025-15366 and CVE-2025-15367 Orabug: 39114639 Tenable has extracted the preceding description block directly from the Oracle Linux...
ROS-20260417-73-0015
Vulnerability in python-PyPDF2 related to excessive iteration. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
SUSE SLES15 / openSUSE 15 Security Update : python310 (SUSE-SU-2026:1376-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1376-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to...
SUSE CVE-2026-40947
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...
a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +876 more potentially affected by CVE-2026-41488 via langchain-openai (>=0.0.1 <=1.1.12)
langchain-openai PYPI version =0.0.1, =0.1.0, =0.1.0, =0.1.0b0, =0.0.1, =4.8.2, =0.0.1a1, =0.1.3, =1.0.0rc1, =3.2.0, =0.1.0, =0.1.1, =0.0.1a0, =2.1.7, =2.1.8 and more Source cves: CVE-2026-41488 Source advisory: OSV:GHSA-R7W7-9XR2-QQ2R...
aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +233 more potentially affected by CVE-2026-41425 via authlib (>=0.10.0 <=1.6.10)
authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-41425 Source advisory: OSV:GHSA-JJ8C-MMJ3-MMGV...
MAL-2026-2821 Malicious code in robase-quick-install (PyPI)
Source: kam193 f69377c01d5c0980cb9bf905be35133e5cd077e7c64c577460dc06e3871c2d9e During installation, the package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Flowise: Code Injection in CSVAgent leads to Authenticated RCE
Summary: The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide the following payload: DataFrame'foo': 'bar!';import os;os.system'whoami' that will get interpolated and executed by the server. Details: The code in question that introduces t...
Arbitrary Code Injection
Overview: flowise-components is a Flowiseai Components. Affected versions of this package are vulnerable to Arbitrary Code Injection through the pythonCodeValidator and the Python execution paths in AirtableAgent.ts and CSVAgent.ts. An attacker can supply LLM-generated Python code that smuggles in...