Lucene search

57867 matches found

OSV
added 2026/04/14 2:27 p.m. | 2 views

MAL-2026-2665 Malicious code in hive-os-settings (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27052e523741d1d8f29aaadcd3735affbdeaa919d6fad2d0ff01ce878d6e5637 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

AI score: 6 | Exploits: 0 | References: 1
OSV
added 2026/04/14 12:27 p.m. | 3 views

CLSA-2026-1776169648 python3.9: Fix of CVE-2026-4519

CVE-2026-4519: reject leading dashes in webbrowser URLs - Update pubkeys.txt with refreshed Łukasz Langa GPG key expired 2025-05-12...

CVSS: 7 | AI score: 7.1 | EPSS: 0.00015 | Exploits: 0 | References: 1
HackRead
added 2026/04/14 10:2 a.m. | 4 views

Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses

ViperTunnel is a Python-based backdoor linked to DragonForce ransomware that targets businesses using Windows servers across the US and the UK...

AI score: 5.8 | Exploits: 0
OSV
added 2026/04/14 8:30 a.m. | 3 views

SUSE-SU-2026:21116-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues: - CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. bsc1260876...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.0001 | Exploits: 0 | References: 3
OSV
added 2026/04/14 7:57 a.m. | 2 views

SUSE-SU-2026:21126-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues: - CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. bsc1260876...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.0001 | Exploits: 0 | References: 3
RedhatCVE
added 2026/04/14 7:22 a.m. | 3 views

CVE-2026-33793

An Execution with Unnecessary Privileges vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present o...

CVSS: 8.5 | AI score: 5.9 | EPSS: 0.00007 | Exploits: 0 | References: 1
OSV
added 2026/04/14 5:35 a.m. | 2 views

MAL-2026-2627 Malicious code in pckg-sv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2ae45d504dadccaa437ebeaa729136ca7b38074149772b076c7abb34ab1e81f4 Code exfiltrates sensitive crypto wallet's files and sets up a keylogger trying to catch the password to the wallet --- Category: MALICIOUS - The campaign has...

AI score: 5.8 | Exploits: 0 | References: 1
GithubExploit
added 2026/04/14 5:19 a.m. | 69 views

CORScanner

CORS Exploiter Automated CORS misconfiguration scanner with...

AI score: 5.8 | Exploits: 0
GithubExploit
added 2026/04/14 4:45 a.m. | 64 views

Vulnerable-Web-App-Scanner

Vulnerable-Web-App-Scanner Pent...

AI score: 5.8 | Exploits: 0
NVD
added 2026/04/14 4:17 a.m. | 1 view

CVE-2026-40288

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...

CVSS: 9.8 | EPSS: 0.00141 | Exploits: 1 | References: 1
Cvelist
added 2026/04/14 3:0 a.m. | 22 views

CVE-2026-40288 PraisonAI: Critical RCE via `type: job` workflow YAML

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...

CVSS: 9.8 | EPSS: 0.00141 | Exploits: 1 | References: 1
CVE
added 2026/04/14 3:0 a.m. | 11 views

CVE-2026-40288

PraisonAI and praisonaiagents prior to versions 4.5.139 and 1.5.140 are exposed to a critical RCE via untrusted workflow YAML. When a YAML file for type: job is loaded, the JobWorkflowExecutor (job_workflow.py) processes steps allowing run (subprocess.run), script (inline Python via exec), and py...

CVSS: 9.8 | AI score: 6.4 | EPSS: 0.00141 | Exploits: 1 | References: 1 | Affected Software: 2
EUVD
added 2026/04/14 3:0 a.m. | 3 views

EUVD-2026-22209

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...

CVSS: 9.8 | AI score: 6.4 | EPSS: 0.00141 | Exploits: 1 | References: 1
vulnersOsv
added 2026/04/14 1:11 a.m. | 5 views

adversarial-insight-ml (=0.2.1), aiagents4pharma (>=0.0.0 <=1.49.1) +92 more potentially affected by CVE-2026-40491 via gdown (>=5.0.0 <=5.2.1)

gdown PYPI version =5.0.0, =0.0.0, =0.2.3, =0.4.0, =0.0.1, =0.2.2, =1.8.1, =0.2.1, =0.1.1, =0.0.1, =0.2.1 and more Source cves: CVE-2026-40491 Source advisory: SNYK:PYTHON-GDOWN-16540585...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00105 | Exploits: 1
ATTACKERKB
added 2026/04/14 1:3 a.m. | 0 views

CVE-2026-39419

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged resu...

CVSS: 3.1 | AI score: 5.9 | EPSS: 0.00063 | Exploits: 0 | References: 4 | Affected Software: 1
Fedora
added 2026/04/14 1:0 a.m. | 4 views

[SECURITY] Fedora 43 Update: python-cryptography-46.0.7-1.fc43

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00023 | Exploits: 0
CBLMariner
added 2026/04/14 12:55 a.m. | 5 views

CVE-2026-24049 affecting package python-wheel for versions less than 0.43.0-2

CVE-2026-24049 affecting package python-wheel for versions less than 0.43.0-2. A patched version of the package is available...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00015 | Exploits: 2
ATTACKERKB
added 2026/04/14 12:17 a.m. | 3 views

CVE-2026-39421

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-based...

CVSS: 6.3 | AI score: 6.5 | EPSS: 0.00099 | Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/04/14 12:13 a.m. | 1 view

CVE-2026-39420 MaxKB: Sandbox escape via LD_PRELOAD bypass

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the LD_PRELOAD-based sandbox. By env command the attacker can clear the environment variables and drop...

CVSS: 6.3 | AI score: 6.3 | EPSS: 0.00046 | Exploits: 0 | References: 3
ATTACKERKB
added 2026/04/14 12:13 a.m. | 0 views

CVE-2026-39420

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the LD_PRELOAD-based sandbox. By env command the attacker can clear the environment variables and drop...

CVSS: 6.3 | AI score: 6.3 | EPSS: 0.00046 | Exploits: 0 | References: 4 | Affected Software: 1