SUSE: Security Advisory (SUSE-SU-2026:1296-1)
The remote host is missing an update for the...
MAL-2026-2671 Malicious code in kryptex-os (PyPI)
Source: kam193 (034201cad27492b279f5c274a5091b2e617da50f27125c7774db069256b3486e). Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in kryptex-os (PyPI)
Source: kam193 (034201cad27492b279f5c274a5091b2e617da50f27125c7774db069256b3486e). Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
MAL-2026-2670 Malicious code in 7miners (PyPI)
Source: kam193 (7501eb0620c75479fa4614362aaa6c5766c8cc2f3b4d8829db6a44ca086cc374). Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
CVE-2026-5713
A flaw was found in Python. A malicious Python process could exploit the "profiling.sampling" module and "asyncio introspection capabilities" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via...
CVE-2026-24049 affecting package python-virtualenv for versions less than 20.26.6-3
CVE-2026-24049 affecting package python-virtualenv for versions less than 20.26.6-3. A patched version of the package is available...
CVE-2026-1703 affecting package python-virtualenv for versions less than 20.26.6-3
CVE-2026-1703 affecting package python-virtualenv for versions less than 20.26.6-3. A patched version of the package is available...
EUVD-2026-22311
The Python remote debugging feature could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be...
CVE-2026-4786
A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...
CVE-2026-5713 Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target
The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...
CVE-2026-5713
The CVE-2026-5713 entry covers a vulnerability in Python related to the profiling.sampling module (Python 3.15+) and asyncio introspection capabilities (3.14+). The issue enables out-of-bounds read/write in a privileged process when that process is connected to a malicious or infected Python proc...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Write in Python Pillow [CVE-2026-25990]
Summary: IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Write in Python Pillow, due to an issue that allows this condition to be triggered through the loading of a specially crafted PSD image (CVE-2026-25990). Python Pillow is used in our speech service runtimes. This...
Malicious code in buildenv-telemetry (PyPI)
Source: kam193 (e56999171c1a81c357cd2b0847497fac643313bd0252be55a1d03cd40be48c1d). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
MAL-2026-2665 Malicious code in hive-os-settings (PyPI)
Source: kam193 (27052e523741d1d8f29aaadcd3735affbdeaa919d6fad2d0ff01ce878d6e5637). Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
CLSA-2026-1776169648 python3.9: Fix of CVE-2026-4519
CVE-2026-4519: reject leading dashes in webbrowser URLs - Update pubkeys.txt with refreshed Łukasz Langa GPG key expired 2025-05-12...
Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses
ViperTunnel is a Python-based backdoor linked to DragonForce ransomware that targets businesses using Windows servers across the US and the UK...
SUSE-SU-2026:21116-1 Security update for python-cryptography
This update for python-cryptography fixes the following issues: - CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. bsc1260876...
SUSE-SU-2026:21126-1 Security update for python-cryptography
This update for python-cryptography fixes the following issues: - CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. bsc1260876...
CVE-2026-33793
An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present o...
MAL-2026-2627 Malicious code in pckg-sv (PyPI)
Source: kam193 (2ae45d504dadccaa437ebeaa729136ca7b38074149772b076c7abb34ab1e81f4). Code exfiltrates sensitive crypto wallet's files and sets up a keylogger trying to catch the password to the wallet. Category: MALICIOUS - The campaign has...