57951 matches found
ROS-20260401-73-0046
The server vulnerability for python Waitress is related to a flaw in HTTP request handling. Exploitation of the vulnerability allows an attacker acting remotely to impact data integrity...
Quantum-Safe Code Auditing: LLM-Assisted Static Analysis and Quantum-Aware Risk Scoring for Post-Quantum Cryptography Migration
The impending arrival of cryptographically relevant quantum computers CRQCs threatens the security foundations of modern software: Shor's algorithm breaks RSA, ECDSA, ECDH, and Diffie-Hellman, while Grover's algorithm reduces the effective security of symmetric and hash-based schemes. Despite NIS...
PT-2026-29526
Name of the Vulnerable Software and Affected Versions pymanager affected versions not specified Description pymanager included the current working directory in its sys.path, allowing modules in the current working directory to shadow intended packages. If a user runs a pymanager-generated command...
Medium: python3
Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...
Debian dla-4520 : python-tornado-doc - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4520 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4520-1 [email protected] https://www.debian.org/lts/security/...
AlmaLinux 8 : python3.12 (ALSA-2026:6283)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:6283 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly from...
Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1530)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1530 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation...
Python Install Manager 安全漏洞
Python Install Manager is an open-source installation management tool for Python. Python Install Manager has a security vulnerability that stems from including the current working directory in the sys.path, which may allow malicious modules to be imported from a directory controlled by the attack...
Fedora: Security Advisory (FEDORA-2026-e77ad9d792)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2026:1158-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : python3-tornado, --advisory ALAS2-2026-3213 (ALAS-2026-3213)
The version of python3-tornado installed on the remote host is prior to 5.0.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3213 advisory. Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limi...
Oracle Linux 8 : python3.11 (ELSA-2026-6281)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-6281 advisory. 3.11.13-6.0.1 - Update rpm-macros description Orabug: 36024572 3.11.13-6 - Security fix for CVE-2026-4519 Resolves: RHEL-158028 Tenable has extracted the...
Oracle Linux 9 : python3.11 (ELSA-2026-6286)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-6286 advisory. 3.11.13-5.2.0.1 - Remove upstream URL reference Orabug: 36073032 3.11.13-5.2 - Security fix for CVE-2026-4519 Resolves: RHEL-158050 Tenable has extracted the...
SUSE SLED15 / SLES15 Security Update : python-pyasn1 (SUSE-SU-2026:1158-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1158-1 advisory. - CVE-2026-30922: Denial of Service via Unbounded Recursion bsc1259803. Tenable has extracted the preceding description...
Oracle Linux 9 : python3.12 (ELSA-2026-6285)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-6285 advisory. - Security fix for CVE-2026-4519 Resolves: RHEL-158051 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
MiracleLinux 8 : python3-3.6.8-74.el8_10.ML.1 (AXSA:2026-371:03)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-371:03 advisory. python: cpython: URL parser allowed square brackets in domain names CVE-2025-0938 Tenable has extracted the preceding description block directly from the...
OPENSUSE-SU-2026:10476-1 python311-Pygments-2.20.0-2.1 on GA media
These are all security issues fixed in the python311-Pygments-2.20.0-2.1 package on the GA media of openSUSE Tumbleweed...
Medium: python-jwt
Issue Overview: A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 SS4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of...
PT-2026-29825
Name of the Vulnerable Software and Affected Versions PraisonAI affected versions not specified Description PraisonAI is susceptible to a critical Python sandbox escape issue that permits code execution outside of the intended sandbox environment. The flaw resides within the execute code function...
Medium: python
Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...