
57867 matches found

Tenable Nessus
added 2026/04/14 12:0 a.m. | 5 views

SUSE SLES15 / openSUSE 15 Security Update : python312 (SUSE-SU-2026:1292-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1292-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to...

9.8 CVSS | 5.8 AI score | 0.00089 EPSS
Exploits: 0 | References: 16

Tenable Nessus
added 2026/04/14 12:0 a.m. | 8 views

Amazon Linux 2 : python3, --advisory ALAS2-2026-3228 (ALAS-2026-3228)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3228 advisory. The tarfile module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-bloc...

9.8 CVSS | 5.8 AI score | 0.00041 EPSS
Exploits: 0 | References: 8

OSV
added 2026/04/14 12:0 a.m. | 1 view

OPENSUSE-SU-2026:10546-1 python311-rfc3161-client-1.0.6-1.1 on GA media

These are all security issues fixed in the python311-rfc3161-client-1.0.6-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS | 5.8 AI score | 0.0001 EPSS
Exploits: 1 | References: 1

Amazon
added 2026/04/14 12:0 a.m. | 3 views

Important: python3

Issue Overview: The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other...

7 CVSS | 6 AI score | 0.00041 EPSS
Exploits: 0

Tenable Nessus
added 2026/04/14 12:0 a.m. | 4 views

Amazon Linux 2 : python, --advisory ALAS2-2026-3227 (ALAS-2026-3227)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3227 advisory. The tarfile module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block...

9.8 CVSS | 5.8 AI score | 0.00041 EPSS
Exploits: 0 | References: 8

Tenable Nessus
added 2026/04/14 12:0 a.m. | 1 view

Fedora 43 : python-cryptography (2026-95233f8a79)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-95233f8a79 advisory. Changelog Wed Apr 8 2026 Jeremy Cline - 46.0.7-1 - Update to 46.0.7 - SECURITY ISSUE: Fixed an issue where non-contiguous buffers could be passed to APIs tha...

9.8 CVSS | 6 AI score | 0.00023 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/04/14 12:0 a.m. | 4 views

Terrarium Security Vulnerability

Terrarium is an open-source sandbox environment developed by Cohere, designed for executing untrusted Python code. Terrarium has a security vulnerability that stems from JavaScript prototype chain traversal, which may allow arbitrary code to be executed with root privileges in the host process...

9.3 CVSS | 6.2 AI score | 0.00026 EPSS
Exploits: 0 | References: 3

OSV
added 2026/04/14 12:0 a.m. | 2 views

ALSA-2026:8093 Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 For more details about the security issues, including the impact, a CVSS score,...

8.7 CVSS | 5.8 AI score | 0.00028 EPSS
Exploits: 0 | References: 4

OpenVAS
added 2026/04/14 12:0 a.m. | 5 views

Fedora: Security Advisory (FEDORA-2026-95233f8a79)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 5.8 AI score | 0.00023 EPSS
Exploits: 0 | References: 3

OSV
added 2026/04/13 10:3 p.m. | 2 views

MAL-2026-2625 Malicious code in robase-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e1076baa8ca4cabd7ae4b1caafa04658a6f7a1c80f52d25de958412ec5d11661 The package is part of a malicious campaign, but was removed before the malicious code got embedded inside. --- Category: MALICIOUS - The campaign has clearly...

6 AI score
Exploits: 0 | References: 9

RedhatCVE
added 2026/04/13 9:5 p.m. | 6 views

CVE-2026-6100

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1 CVSS | 6 AI score | 0.00137 EPSS
Exploits: 0 | References: 9

GithubExploit
added 2026/04/13 6:26 p.m. | 77 views

auditor-v1

🔐 Web Security Auditor v2.0 Mini BurpSuite / OWASP ZAP hech...

5.9 AI score
Exploits: 0

RedhatCVE
added 2026/04/13 6:21 p.m. | 3 views

CVE-2026-1502

A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...

5.7 CVSS | 5.7 AI score | 0.00023 EPSS
Exploits: 0 | References: 7

Vulnrichment
added 2026/04/13 5:15 p.m. | 1 view

CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1 CVSS | 5.8 AI score | 0.00137 EPSS
Exploits: 0 | References: 8

Snyk
added 2026/04/13 5:15 p.m. | 4 views

Expired Pointer Dereference

Overview Affected versions of this package are vulnerable to Expired Pointer Dereference in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile modules. An attacker can execute arbitrary code or access sensitive information by triggering a use-after-free condition through repeated...

9.2 CVSS | 6.1 AI score | 0.00137 EPSS
Exploits: 0 | References: 2

OSV
added 2026/04/13 4:27 p.m. | 1 view

MAL-2026-2623 Malicious code in hive-setting (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 94c174f9e83b72e5aaafbb1587d41384786cd29b4e9b69d097117d8c7b403771 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

6 AI score
Exploits: 0 | References: 1

vulnersOsv
added 2026/04/13 4:12 p.m. | 4 views

adpred (=1.3.2), bacpipe (>=1.2.0 <=1.3.2.dev0) +16 more potentially affected by CVE-2026-1462 via keras (>=3.0.0 <=3.12.0)

keras PYPI version =3.0.0, =1.2.0, =0.1.0, =0.0.4, =0.4.7, =1.0.3, =0.0.28, =0.2.0, =2.4.0, =0.1.0, =0.1.1, =14.0.0, =14.1.0 and more Source cves: CVE-2026-1462 Source advisory: SNYK:PYTHON-KERAS-16032293...

8.8 CVSS | 7.6 AI score | 0.0007 EPSS
Exploits: 0

vulnersOsv
added 2026/04/13 4:12 p.m. | 2 views

airflow-clickhouse-plug (=1.6.2), airflow-clickhouse-plugin (=1.6.0) +18 more potentially affected by CVE-2026-33858 via apache-airflow-core (>=3.1.8 <=3.2.0b2)

apache-airflow-core PYPI version =3.1.8, =0.6.0, =3.1.8, =1.0.2, =0.0.13, =10.13.0, =1.1.8, =0.0.4, =0.1.0, =12.9.0, =7.1.0, =1.15.20, =1.2.4, =1.9.17, =1.10.13 and more Source cves: CVE-2026-33858 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16032065...

8.8 CVSS | 5.4 AI score | 0.002 EPSS
Exploits: 0

OSV
added 2026/04/13 3:8 p.m. | 3 views

MAL-2026-2572 Malicious code in hiveos-setting (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 36035629c3bde2cc0e1f5c5531cac6c4ece9ff587cc3c85a5e39bcafbded06d9 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

6 AI score
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/13 2:55 p.m. | 3 views

CVE-2026-3446

A flaw was found in the Python base64 module. When decoding base64 data using functions like base64.b64decode, the decoding process prematurely stops upon encountering the first padding character. This can result in incomplete data being processed, where any information following the initial...

6 CVSS | 5.7 AI score | 0.00029 EPSS
Exploits: 0 | References: 9