Lucene search

57858 matches found

OSSF Malicious Packages
added 2026/04/16 7:06 a.m., 3 views

Malicious code in robase-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 32170773fbd5fab5b2494de72ce601e7b43d9b5c21f36b9bc26a6ada40024de6 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score: 6
Exploits: 0, References: 9

OSV
added 2026/04/16 7:06 a.m., 1 view

MAL-2026-2699 Malicious code in robase-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 32170773fbd5fab5b2494de72ce601e7b43d9b5c21f36b9bc26a6ada40024de6 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score: 6
Exploits: 0, References: 9

vulnersOsv
added 2026/04/16 1:31 a.m., 2 views

angr (>=9.2.187 <=9.2.217), angr-management (>=9.2.187 <=9.2.217) +25 more potentially affected by unknown CVE via uefi-firmware (=1.11.0)

uefi-firmware PYPI version =1.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on uefi-firmware and may be impacted: - angr =9.2.187, =9.2.187, =1.0.0rc2, =1.0.7, =1.0.4, =9.2.7, =0.0.1, =9.2.187, =1.0.3, =0.1.0, =2.3.2, =0.1.0, =0.1.5 and more Source...

AI score: 5.5
Exploits: 0

Github Security Blog
added 2026/04/16 1:20 a.m., 3 views

LangSmith SDK: Streaming token events bypass output redaction

Summary: The LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to streaming token events. When an LLM run produces streaming output, each chunk is recorded as a new_token event containing the raw token value. These events bypass the redaction pipeline...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00039
Exploits: 0, References: 3, Affected Software: 1

vulnersOsv
added 2026/04/16 1:20 a.m., 5 views

a-data-processing (=0.0.1), a-mailx (=0.1.0) +1491 more potentially affected by CVE-2026-41182 via langsmith (>=0.0.10 <=0.7.21)

langsmith PYPI version =0.0.10, =0.1.0, =0.1.3, =0.1.0b0, =4.8.2, =0.1.3, =0.1.0, =0.1.0, =0.1.1, =2.1.7, =2.1.8 - agent-builder =0.0.1 and more Source cves: CVE-2026-41182 Source advisory: SNYK:PYTHON-LANGSMITH-16082038...

CVSS: 5.3, AI score: 5.3, EPSS: 0.00039
Exploits: 0

Fedora
added 2026/04/16 1:09 a.m., 2 views

[SECURITY] Fedora 42 Update: python-cairosvg-2.9.0-1.fc42

CairoSVG is a SVG 1.1 to PNG, PDF, PS and SVG converter which can also be used as a Python library...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00039
Exploits: 2

Fedora
added 2026/04/16 12:56 a.m., 5 views

[SECURITY] Fedora 43 Update: python-cairosvg-2.9.0-1.fc43

CairoSVG is a SVG 1.1 to PNG, PDF, PS and SVG converter which can also be used as a Python library...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00039
Exploits: 2

Fedora
added 2026/04/16 12:56 a.m., 5 views

[SECURITY] Fedora 43 Update: pypy-7.3.21-8.fc43

PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types (strings, dictionaries, etc.). This build of PyPy has JIT-compilation enabled...

CVSS: 5.9, AI score: 6.7, EPSS: 0.00029
Exploits: 0

Fedora
added 2026/04/16 12:56 a.m., 4 views

[SECURITY] Fedora 43 Update: micropython-1.28.0-1.fc43

Implementation of Python 3 with very low memory footprint...

CVSS: 7.8, AI score: 6.1, EPSS: 0.00428
Exploits: 4

Fedora
added 2026/04/16 12:56 a.m., 2 views

[SECURITY] Fedora 43 Update: python3.15-3.15.0~a8-1.fc43

Python 3.15 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.15 package provides the "python3.15" executable:...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00089
Exploits: 0

EUVD
added 2026/04/16 12:54 a.m., 2 views

EUVD-2026-23135

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

CVSS: 2.9, AI score: 5.8, EPSS: 0.00006
Exploits: 0, References: 2

vulnersOsv
added 2026/04/16 12:29 a.m., 4 views

aws-credential-process (=0.20.0), aws-session-daemon (>=0.1.0 <=0.6.0) +2 more potentially affected by CVE-2026-40947 via yubikey-manager (>=5.0.0 <=5.1.1)

yubikey-manager PYPI version =5.0.0, =0.1.0, =1.0.0, =1.6.6 Source cves: CVE-2026-40947 Source advisory: SNYK:PYTHON-YUBIKEYMANAGER-16325204...

CVSS: 2.9, AI score: 5.8, EPSS: 0.00006
Exploits: 0

NVD
added 2026/04/16 12:16 a.m., 2 views

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

CVSS: 2.9, EPSS: 0.00006
Exploits: 0, References: 1

UbuntuCve
added 2026/04/16 12:16 a.m., 0 views

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

CVSS: 2.9, AI score: 5.8, EPSS: 0.00006
Exploits: 0, References: 2

Tenable Nessus
added 2026/04/16 12:00 a.m., 5 views

Fedora 43 : python3.15 (2026-7ea30e843c)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7ea30e843c advisory. New prerelease version. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00089
Exploits: 0, References: 6

OpenVAS
added 2026/04/16 12:00 a.m., 14 views

Debian: Security Advisory (DLA-4532-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.1, AI score: 5.8, EPSS: 0.00137
Exploits: 0, References: 2

Tenable Nessus
added 2026/04/16 12:00 a.m., 1 view

Fedora 42 : python-cairosvg (2026-a2778fcae6)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a2778fcae6 advisory. Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00039
Exploits: 2, References: 2

Oracle linux
added 2026/04/16 12:00 a.m., 10 views

python3 security update

3.6.8-21.0.9 - Security update CVE-2025-15366, CVE-2025-15367, CVE-2026-1299 Orabug: 39159999 3.6.8-21.0.7 - Security update CVE-2025-12084 Orabug: 38971895 3.6.8-21.0.5 - tarfile now validates archives to ensure member offsets are non-negative Orabug: 38442771 CVE-2025-8194 3.6.8-21.0.3 - Fix DoS...

CVSS: 6, AI score: 5.7, EPSS: 0.03014
Exploits: 2

Tenable Nessus
added 2026/04/16 12:00 a.m., 5 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python311 (SUSE-SU-2026:1349-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1349-1 advisory. - Updated to Python 3.11.15 - CVE-2025-6075: If the value passed to os.path.expandvars is...

CVSS: 9.8, AI score: 7.1, EPSS: 0.00215
Exploits: 0, References: 46

OPENSUSE Linux
added 2026/04/16 12:00 a.m., 4 views

Security update for python-jwcrypto (important)

openSUSE Security Update: Security update for python-jwcrypto Announcement ID: openSUSE-SU-2026:0129-1 Rating: important References: 1209496 1219837 1221230 1261802 Cross-References: CVE-2022-3102 CVE-2023-6681 CVE-2024-28102 CVE-2026-39373 CVSS scores: CVE-2022-3102 SUSE: 4.2...

CVSS: 8.7, AI score: 6.5, EPSS: 0.00381
Exploits: 2, References: 4