
57858 matches found

vulnersOsv
added 2026/04/15 7:45 p.m., 3 views

10xscale-agentflow-cli (=0.1.5), admin-api-lib (>=3.2.0 <=3.4.0) +469 more potentially affected by CVE-2026-40347 via python-multipart (>=0.0.10 <=0.0.24)

python-multipart PYPI version =0.0.10, =3.2.0, =0.8.2.4, =0.1.0, =1.0.202504142220, =0.1.0, =0.4.0, =0.4.0, =0.1.0, =0.4.0, =1.6.21, =0.1.1, =0.1.0, =0.1.13 and more Source cves: CVE-2026-40347 Source advisory: OSV:GHSA-MJ87-HWQH-73PJ...

CVSS 5.3, AI score 5.3, EPSS 0.00022
Exploits 0
OSV
added 2026/04/15 7:45 p.m., 2 views

GHSA-MJ87-HWQH-73PJ python-multipart affected by Denial of Service via large multipart preamble or epilogue data

Summary A denial of service vulnerability exists when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Details Two inefficient multipart parsing paths could be abused with attacker-controlled input. Before the first multipart boundary, the parser handled...

CVSS 5.3, AI score 5.8, EPSS 0.00022
Exploits 0, References 4
OSSF Malicious Packages
added 2026/04/15 4:48 p.m., 4 views

Malicious code in cpu-optimizers2-33 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eb2ab5bcc8a1a35fbd4e5d9b19ac517134ea3fd497e66d7d7126089743804a1c Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

AI score 6
Exploits 0, References 1
Debian
added 2026/04/15 4:26 p.m., 2 views

[SECURITY] [DLA 4532-1] python3.9 regression and security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4532-1 [email protected] https://www.debian.org/lts/security/ Arnaud Rebillout April 15, 2026 https://wiki.debian.org/LTS -...

CVSS 9.1, AI score 5.8, EPSS 0.00137
Exploits 0
OSSF Malicious Packages
added 2026/04/15 4:18 p.m., 3 views

Malicious code in cpu-optimizers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f82b75da107c50f4d2f3cf5587e7db58a0dc91b77f8511226ff9219623dc145a Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

AI score 6
Exploits 0, References 1
vulnersOsv
added 2026/04/15 4:11 p.m., 5 views

ai-safety-engine (=0.1.0) potentially affected by CVE-2026-30625 via upsonic (=0.60.0a1754435135)

upsonic PYPI version =0.60.0a1754435135 is affected by a known vulnerability. The following packages have a transitive dependency on upsonic and may be impacted: - ai-safety-engine =0.1.0 Source cves: CVE-2026-30625 Source advisory: SNYK:PYTHON-UPSONIC-16073332...

CVSS 9.8, AI score 6, EPSS 0.00343
Exploits 0
IBM AIX
added 2026/04/15 3:19 p.m., 7 views

Multiple vulnerabilities in Python affect AIX

IBM SECURITY ADVISORY First Issued: Wed Apr 15 15:19:52 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/pythonadvisory19.asc Security Bulletin: Multiple vulnerabilities in Python affect AIX...

CVSS 6.3, AI score 5.8, EPSS 0.00128
Exploits 1
SUSE Linux
added 2026/04/15 2:30 p.m., 2 views

Security update for python

This update for python fixes the following issues: CVE-2026-3479: improper resource argument validation in pkgutil.getdata can allow path traversal bsc1259989. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

CVSS 3.3, AI score 5.8, EPSS 0.00016
Exploits 0, References 4
OSV
added 2026/04/15 2:30 p.m., 2 views

SUSE-SU-2026:1365-1 Security update for python

This update for python fixes the following issues: - CVE-2026-3479: improper resource argument validation in pkgutil.getdata can allow path traversal bsc1259989...

AI score 5.8, EPSS 0.00016
Exploits 0, References 3
SUSE Linux
added 2026/04/15 1:36 p.m., 8 views

Security update for python311

This update for python311 fixes the following issues: Updated to Python 3.11.15 CVE-2025-6075: If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables bsc1252974. CVE-2025-11468: header injection when folding a long...

CVSS 8.7, AI score 5.8, EPSS 0.00215
Exploits 0, References 60
OSV
added 2026/04/15 1:35 p.m., 1 view

SUSE-SU-2026:1349-1 Security update for python311

This update for python311 fixes the following issues: - Updated to Python 3.11.15 - CVE-2025-6075: If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables bsc1252974. - CVE-2025-11468: header injection when folding a...

CVSS 9.8, AI score 6.8, EPSS 0.00215
Exploits 0, References 31
OSV
added 2026/04/15 1:10 p.m., 2 views

MAL-2026-2686 Malicious code in neverinstallme (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b5a369ecd7616b1dcdbeeca091c3b5bb9df2096c863fe89e9b45154708d5453a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 6
Exploits 0, References 1
IBM Security Bulletins
added 2026/04/15 11:46 a.m., 3 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to loss of confidentiality (CVE-2026-26007)

Summary Python module cryptography is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance and Dashboard operands that enable the App Connect Enterprise Agent are vulnerable to loss of...

CVSS 8.2, AI score 5.8, EPSS 0.00009
Exploits 0, Affected Software 1
OSV
added 2026/04/15 12:0 a.m., 0 views

OPENSUSE-SU-2026:10554-1 python314-3.14.4-1.1 on GA media

These are all security issues fixed in the python314-3.14.4-1.1 package on the GA media of openSUSE Tumbleweed...

AI score 5.8, EPSS 0.00016
Exploits 0, References 1
OSV
added 2026/04/15 12:0 a.m., 1 view

OPENSUSE-SU-2026:10553-1 python313-3.13.13-1.1 on GA media

These are all security issues fixed in the python313-3.13.13-1.1 package on the GA media of openSUSE Tumbleweed...

AI score 5.8, EPSS 0.00016
Exploits 0, References 1
Packet Storm News
added 2026/04/15 12:0 a.m., 2 views

RealVuln: Benchmarking Rule-Based, General-Purpose LLM, and Security-Specialized Scanners on Real-World Code

How do security scanners perform on real-world code? We present RealVuln, the first open-source benchmark comparing Rule-Based SAST, General-Purpose LLMs, and Security-Specialized scanners on 26 intentionally vulnerable Python repositories educational and Capture-The-Flag applications with 796...

AI score 5.8
Exploits 0
OSV
added 2026/04/15 12:0 a.m., 2 views

OPENSUSE-SU-2026:10552-1 python311-3.11.15-5.1 on GA media

These are all security issues fixed in the python311-3.11.15-5.1 package on the GA media of openSUSE Tumbleweed...

AI score 5.8, EPSS 0.00016
Exploits 0, References 1
OPENSUSE Linux
added 2026/04/15 12:0 a.m., 2 views

python311-aiohttp-3.13.5-3.1 on GA media (moderate)

python311-aiohttp-3.13.5-3.1 on GA media Announcement ID: openSUSE-SU-2026:10545-1 Rating: moderate Cross-References: CVE-2026-34516 CVE-2026-34520 CVSS scores: CVE-2026-34516 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-34516 SUSE : 6.9...

CVSS 6.9, AI score 5.8, EPSS 0.00081
Exploits 0
Positive Technologies
added 2026/04/15 12:0 a.m., 3 views

PT-2026-33184

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

CVSS 2.9, AI score 5.8, EPSS 0.00006
Exploits 0, References 2
OPENSUSE Linux
added 2026/04/15 12:0 a.m., 1 view

python311-rfc3161-client-1.0.6-1.1 on GA media (moderate)

python311-rfc3161-client-1.0.6-1.1 on GA media Announcement ID: openSUSE-SU-2026:10546-1 Rating: moderate Cross-References: CVE-2026-33753 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

CVSS 7.5, AI score 5.8, EPSS 0.0001
Exploits 1