python311-pypdf-6.9.1-1.1 on GA media (moderate)
Announcement ID: openSUSE-SU-2026:10403-1; Rating: moderate; Cross-References: CVE-2026-33123; Affected Products: openSUSE Tumbleweed. An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
Advisory ROSA-SA-2026-3221
software: python-ldap 3.4.5 WASP: ROSA-CHROME unaffected versions = python-ldap-3.4.5-2 affected versions python-ldap-3.4.5-2 CVE-ID: CVE-2025-61911 BDU-ID: 2026-02913 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the filter.py component of the Python module for working with Python-LDAP LDAP...
Malicious code in pipinpeace-reverse (PyPI)
Source: kam193 471ba9f8dde66035e8bff446fc8acb160f041648a1fc47dd3f00db6e2ea58d08 Package is designed to start a reverse shell during installation. However, it requires providing a URL as an installation parameter, which suggests it's more...
01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25628 more potentially affected by CVE-2026-4538 via torch (>=1.0.0 <=2.9.1)
torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =2.13.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.10 and more Source cves: CVE-2026-4538 Source advisory: SNYK:PYTHON-TORCH-15746467...
3-04-2025-ttm (=0.1.0), 3d-connectx-env (>=1.0.0 <=1.0.1) +2649 more potentially affected by CVE-2026-4538 via torch (>=1.0.0 <=2.10.0)
torch PYPI version =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.7.4, =0.2.4, =0.0.1b1, =1.0.32, =0.0.3, =2.1.17, =2.2.2 and more Source cves: CVE-2026-4538 Source advisory: OSV:PYSEC-2026-139...
[SECURITY] Fedora 42 Update: python-scitokens-1.9.7-1.fc42
SciToken reference implementation library...
[SECURITY] Fedora 42 Update: python-ujson-5.12.0-1.fc42
UltraJSON is an ultra fast JSON encoder and decoder written in pure C with bindings for Python...
[SECURITY] Fedora 43 Update: python-scitokens-1.9.7-1.fc43
SciToken reference implementation library...
[SECURITY] Fedora 43 Update: python-ujson-5.12.0-1.fc43
UltraJSON is an ultra fast JSON encoder and decoder written in pure C with bindings for Python...
SUSE CVE-2026-33123
pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...
[SECURITY] Fedora 44 Update: python-scitokens-1.9.7-1.fc44
SciToken reference implementation library...
[SECURITY] Fedora 44 Update: python-ujson-5.12.0-1.fc44
UltraJSON is an ultra fast JSON encoder and decoder written in pure C with bindings for Python...
OPENSUSE-SU-2026:10404-1 python310-3.10.20-2.1 on GA media
These are all security issues fixed in the python310-3.10.20-2.1 package on the GA media of openSUSE Tumbleweed...
Fedora 42 : python-ujson (2026-0f099ed388)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0f099ed388 advisory. Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling...
Malicious code in thisismytest (PyPI)
Source: kam193 a1c269bbb834081025da993697e3e2e44db4a97e16e21f4c792ed85391772fa9 During installation, the package downloads and runs a remote executable, which is identified as a backdoor. It connects with a remote server and executes basic...
MAL-2026-2017 Malicious code in thisismytest (PyPI)
Source: kam193 a1c269bbb834081025da993697e3e2e44db4a97e16e21f4c792ed85391772fa9 During installation, the package downloads and runs a remote executable, which is identified as a backdoor. It connects with a remote server and executes basic...
Exploit for CVE-2026-33017
CVE-2026-33017-Langflow-RCE-PoC The vulnerability in Langflow...
MAL-2026-2013 Malicious code in nump (PyPI)
Source: kam193 daf533091c2cd6d2ae82e47f2ba9264b23395105f9c088018560c13cea33801f Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...
TLS Connection Bypass
pyOpenSSL is vulnerable to TLS connection bypass. The vulnerability is due to an unhandled exception in a user-provided set_tlsext_servername_callback, where the exception is not caught and results in the connection being accepted, allowing attackers to bypass security-sensitive checks...
Cross-Site Scripting (XSS)
PySpector is vulnerable to stored Cross-Site Scripting (XSS). The vulnerability is due to the HTML report generator inserting code snippets without sanitization, where the scanned Python file's JavaScript payload is interpolated into the report and an attacker can trigger execution by opening the...