RHEL 9 : python3.9 (RHSA-2026:6766)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6766 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

RockyLinux 9 : python3.11 (RLSA-2026:6286)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6286 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly fro...

RockyLinux 9 : python3.12 (RLSA-2026:6285)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6285 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly fro...

OPENSUSE-SU-2026:10499-1 python311-social-auth-app-django-5.7.0-1.1 on GA media

These are all security issues fixed in the python311-social-auth-app-django-5.7.0-1.1 package on the GA media of openSUSE Tumbleweed...

Photon OS 5.0: Python3 PHSA-2026-5.0-0802

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0802. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2026-30922 affecting package python-pyasn1 for versions less than 0.4.8-2

CVE-2026-30922 affecting package python-pyasn1 for versions less than 0.4.8-2. A patched version of the package is available...

CVE-2025-50181 affecting package python-virtualenv for versions less than 20.36.1-2

CVE-2025-50181 affecting package python-virtualenv for versions less than 20.36.1-2. A patched version of the package is available...

CVE-2026-24049 affecting package python-virtualenv for versions less than 20.36.1-2

CVE-2026-24049 affecting package python-virtualenv for versions less than 20.36.1-2. A patched version of the package is available...

CVE-2026-1703 affecting package python-virtualenv for versions less than 20.36.1-2

CVE-2026-1703 affecting package python-virtualenv for versions less than 20.36.1-2. A patched version of the package is available...

CVE-2026-25645 affecting package python-requests for versions less than 2.31.0-4

CVE-2026-25645 affecting package python-requests for versions less than 2.31.0-4. A patched version of the package is available...

PraisonAI Has Path Traversal in FileTools

Executive Summary: The path validation has a critical logic bug: it checks for .. AFTER normpath has already collapsed all .. sequences. This makes the check completely useless and allows trivial path traversal to any file on the system. The path validation function also does not resolve the...

GHSA-4PH2-F6PF-79WV PraisonAI Has Arbitrary File Write (Zip Slip) in Templates Extraction

The PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources e.g., GitHub, the application uses Python's zipfile.extractall without verifying if the files within the archive resolve...

CVE-2026-35050

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance the "download-model.py" file could be overwritten. Then, thi...

ai-dynamo (=0.1.0), bento2seldon (>=0.1.0 <=0.4.0) +16 more potentially affected by CVE-2026-35043 via bentoml (>=0.10.1 <=1.4.3)

bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 and more Source cves: CVE-2026-35043 Source advisory: OSV:PYSEC-2026-158...

aas2openapi (>=0.2.0 <=0.2.4), adelecv (>=0.0.1 <=0.0.2) +103 more potentially affected by CVE-2026-35526 via strawberry-graphql (>=0.103.9 <=0.312.0)

strawberry-graphql PYPI version =0.103.9, =0.2.0, =0.0.1, =0.0.1, =2025.4.0, =2025.4.0, =0.1.1, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.0.2rc0, =0.9.0, =1.1.0 and more Source cves: CVE-2026-35526 Source advisory: SNYK:PYTHON-STRAWBERRYGRAPHQL-15922315...

GHSA-57CW-J6VP-2P9M OpenEXR has use after free in PyObject_StealAttrString

Summary There is a use-after-free in PyObjectStealAttrString of pyOpenEXRold.cpp. This bug was found with ZeroPath. Details The legacy adapter defines PyObjectStealAttrString that calls PyObjectGetAttrString to obtain a new reference, immediately decrefs it, and returns the pointer. Callers then...

Updated python-pyasn1 packages fix security vulnerability

pyasn1 Vulnerable to Denial of Service via Unbounded Recursion. CVE-2026-30922...

Updated python-nltk packages fix security vulnerability

nltk Vulnerable to Cross-site Scripting. CVE-2026-33230...

MGASA-2026-0082 Updated python-nltk packages fix security vulnerability

nltk Vulnerable to Cross-site Scripting. CVE-2026-33230...

CVE-2026-35050 text-generation-webui affected by Remote Code Execution (RCE) through Path Traversal at "Session -> Save extention settings to user_data/settings.yaml".

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance the "download-model.py" file could be overwritten. Then, thi...