
57858 matches found

Tenable Nessus
added 2026/04/16 12:0 a.m., 3 views

SUSE SLES15 Security Update : python (SUSE-SU-2026:1365-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1365-1 advisory. - CVE-2026-3479: improper resource argument validation in pkgutil.getdata can allow path traversal bsc1259989. Tenable has extracted the preceding...

5.9 AI score, 0.00016 EPSS
Exploits: 0, References: 4
Oracle linux
added 2026/04/16 12:0 a.m., 7 views

python security update

2.7.5-94.0.5 - Fix for CVE-2025-15366 and CVE-2025-15367 Orabug: 39114639 2.7.5-94.0.3 - Fix for CVE-2025-12084 Orabug: 38902314...

5.9 CVSS, 5.7 AI score, 0.00128 EPSS
Exploits: 0
CNNVD
added 2026/04/16 12:0 a.m., 5 views

Security vulnerability in multiple Yubico products

Libfido2 and others are products open-sourced by Yubico. Libfido2 is a FIDO device communication library. Python-Fido2 is a library for implementing FIDO2 protocol clients and servers. YubiKey-Manager is a configuration management tool for YubiKeys. Several Yubico products have security...

2.9 CVSS, 5.8 AI score, 0.00006 EPSS
Exploits: 0, References: 1
OpenVAS
added 2026/04/16 12:0 a.m., 11 views

Fedora: Security Advisory (FEDORA-2026-04d6f223e0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits: 0, References: 3
OpenVAS
added 2026/04/16 12:0 a.m., 9 views

Fedora: Security Advisory (FEDORA-2026-ec61ca906c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 5.8 AI score, 0.00039 EPSS
Exploits: 2, References: 4
Tenable Nessus
added 2026/04/16 12:0 a.m., 2 views

Fedora 43 : python-cairosvg (2026-ec61ca906c)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ec61ca906c advisory. Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c...

7.5 CVSS, 5.9 AI score, 0.00039 EPSS
Exploits: 2, References: 2
OpenVAS
added 2026/04/16 12:0 a.m., 8 views

Fedora: Security Advisory (FEDORA-2026-a2778fcae6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 5.8 AI score, 0.00039 EPSS
Exploits: 2, References: 4
Tenable Nessus
added 2026/04/16 12:0 a.m., 2 views

Fedora 43 : python-flask-httpauth (2026-04d6f223e0)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-04d6f223e0 advisory. Update to version 4.8.1 2454342 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

8.2 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/04/16 12:0 a.m., 5 views

RockyLinux 8 : pcs (RLSA-2026:8093)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:8093 advisory. tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 Tenable has extracted the preceding description block directly from the...

8.7 CVSS, 5.9 AI score, 0.00028 EPSS
Exploits: 0, References: 3
OPENSUSE Linux
added 2026/04/16 12:0 a.m., 4 views

Security update for python-jwcrypto (important)

openSUSE Security Update: Security update for python-jwcrypto Announcement ID: openSUSE-SU-2026:0130-1 Rating: important References: 1209496 1219837 1221230 1261802 Cross-References: CVE-2022-3102 CVE-2023-6681 CVE-2024-28102 CVE-2026-39373 CVSS scores: CVE-2022-3102 SUSE: 4.2...

8.7 CVSS, 6.5 AI score, 0.00381 EPSS
Exploits: 2, References: 4
OPENSUSE Linux
added 2026/04/16 12:0 a.m., 2 views

python314-3.14.4-1.1 on GA media (moderate)

python314-3.14.4-1.1 on GA media Announcement ID: openSUSE-SU-2026:10554-1 Rating: moderate Cross-References: CVE-2026-3479 CVSS scores: CVE-2026-3479 SUSE : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2026-3479 SUSE : 2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

3.3 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits: 0
CVE
added 2026/04/15 11:13 p.m., 12 views

CVE-2026-40947

Affected software components are Yubico libfido2 (before 1.17.0), python-fido2 (before 2.2.0), and yubikey-manager (before 5.9.1). The issue is an unintended DLL search path, as described in CVE-2026-40947. The CVSS vector is CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N, with a base score of 2.9 ...

2.9 CVSS, 5.8 AI score, 0.00006 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/15 11:13 p.m., 1 views

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

2.9 CVSS, 5.8 AI score, 0.00006 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/04/15 11:13 p.m., 22 views

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

2.9 CVSS, 0.00006 EPSS
Exploits: 0, References: 1
Debian CVE
added 2026/04/15 11:13 p.m., 1 views

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

2.9 CVSS, 5.3 AI score, 0.00006 EPSS
Exploits: 0
Vulnrichment
added 2026/04/15 11:13 p.m., 1 views

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

2.9 CVSS, 5.8 AI score, 0.00006 EPSS
Exploits: 0, References: 1
Debian CVE
added 2026/04/15 10:53 p.m., 4 views

CVE-2026-40192

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of...

8.7 CVSS, 5.3 AI score, 0.00018 EPSS
Exploits: 0
vulnersOsv
added 2026/04/15 7:45 p.m., 5 views

10xscale-agentflow-cli (=0.1.5), admin-api-lib (>=3.2.0 <=3.4.0) +469 more potentially affected by CVE-2026-40347 via python-multipart (>=0.0.10 <=0.0.24)

python-multipart PYPI version =0.0.10, =3.2.0, =0.8.2.4, =0.1.0, =1.0.202504142220, =0.1.0, =0.4.0, =0.4.0, =0.1.0, =0.4.0, =1.6.21, =0.1.1, =0.1.0, =0.1.13 and more Source cves: CVE-2026-40347 Source advisory: SNYK:PYTHON-PYTHONMULTIPART-16078395...

5.3 CVSS, 5.3 AI score, 0.00022 EPSS
Exploits: 0
Snyk
added 2026/04/15 7:45 p.m., 3 views

Excessive Iteration

Overview: python-multipart is a streaming multipart parser for Python. Affected versions of this package are vulnerable to Excessive Iteration in the parsing performed by multipart.py. An attacker can degrade performance by sending multipart requests with very large preamble or epilogue sections...

6.9 CVSS, 5.8 AI score, 0.00022 EPSS
Exploits: 0, References: 2
Github Security Blog
added 2026/04/15 7:45 p.m., 6 views

python-multipart affected by Denial of Service via large multipart preamble or epilogue data

Summary: A denial of service vulnerability exists when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Details: Two inefficient multipart parsing paths could be abused with attacker-controlled input. Before the first multipart boundary, the parser handled...

5.3 CVSS, 5.8 AI score, 0.00022 EPSS
Exploits: 0, References: 4, Affected Software: 1