Important Photon OS Security Update - PHSA-2026-5.0-0816
Updates of 'rubygem-rdiscount', 'python3-PyJWT' packages of Photon OS have been released...
openSUSE 16 Security Update : python-cbor2 (openSUSE-SU-2026:20468-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20468-1 advisory. - CVE-2025-68131: CBORDecoder reuse across trust boundaries can lead to leak of shareable values from previous decode calls via...
DSpace 5.x / 6.x Full Repository Extractor
This Python script is an automated extraction tool targeting a DSpace-based repository. It leverages an open Solr search query to enumerate repository item handles, then audits each item to discover and download associated bitstream files, typically PDFs. The script also attempts sequence-based...
S3CDM: A Secret-Sharing-Scheme-Based Cyberattack Detection Model and Its Simulation Implementation
We design and develop a secret-sharing-scheme-based cyberattack detection model (S3CDM) that can detect unauthorized or illegal activities, especially insider attacks, and protect sensitive information within complex network infrastructures of large organizations. The model splits a secret among a grou...
PraisonAI Security Vulnerability
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained security vulnerabilities. These vulnerabilities stemmed from the Python sandbox based on AST, which could be exploited through type.__getattribute__, potentially...
python311-Django4-4.2.30-1.1 on GA media (moderate)
python311-Django4-4.2.30-1.1 on GA media Announcement ID: openSUSE-SU-2026:10516-1 Rating: moderate Cross-References: CVE-2026-33033 CVE-2026-33034 CVE-2026-3902 CVE-2026-4277 CVE-2026-4292 CVSS scores: CVE-2026-33033 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-33033 SUSE : 6...
CVE-2026-33936 affecting package python-ecdsa for versions less than 0.19.2-1
CVE-2026-33936 affecting package python-ecdsa for versions less than 0.19.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-33793
An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present o...
CVE-2026-33793 Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system
An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present o...
CVE-2026-33793
CVE-2026-33793 describes an Execution with Unnecessary Privileges in the Junos OS/Junos OS Evolved UI. If a device has a configuration that allows unsigned Python op scripts, a non-root user can run malicious op scripts and escalate to root-equivalent privileges, compromising the system. Affected...
CVE-2026-40072 web3.py affected by SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling
web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in offchain_lookup_payload["urls"]. The implementation uses these...
EUVD-2026-21000
web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in offchain_lookup_payload["urls"]. The implementation uses these...
CVE-2026-40072
CVE-2026-40072 – SSRF via CCIP Read in web3.py Affected: web3.py (Python library) versions 6.0.0b3 through before 7.15.0 and 8.0.0b2. The CCIP Read / OffchainLookup (EIP-3668) implementation fetches URLs supplied by contracts without destination validation and with default-on exposure (global_cci...
CVE-2026-40072
web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in offchain_lookup_payload["urls"]. The implementation uses these...
OPENSUSE-SU-2026:20497-1 Security update for python-gi-docgen
This update for python-gi-docgen fixes the following issues: - CVE-2025-11687: Fixed reflected DOM XSS (bsc#1251961)...
CLSA-2026-1775723090 python-pip: Fix of 2 CVEs
CVE-2025-66471: add decompression size limit to bundled urllib3 - CVE-2026-21441: skip decompression when draining redirect responses in bundled urllib3...
SUSE-SU-2026:21159-1 Security update for python-gi-docgen
This update for python-gi-docgen fixes the following issues: - CVE-2025-11687: Fixed reflected DOM XSS (bsc#1251961)...
MAL-2026-2522 Malicious code in st-payment (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5bcf8605142a71ab3977537d339f48dfc102fcb49ce37c8f6b74c6b8af38988d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...