58113 matches found
aide-infra (>=0.3.1.2 <=0.3.9), aide-sdk (>=1.0.3 <=1.0.6) +96 more potentially affected by CVE-2026-32711 via pydicom (>=2.0.0 <=2.4.4)
pydicom PYPI version =2.0.0, =0.3.1.2, =1.0.3, =0.1.1, =3.0.0, =0.1.0, =0.1.2, =0.1.0a1, =0.1.3, =0.4.0, =0.2.0, =1.1.0, =0.2.3, =0.0.13, =0.0.17 and more Source cves: CVE-2026-32711 Source advisory: SNYK:PYTHON-PYDICOM-15756938...
CLSA-2026-1774022191 python3.9: Fix of 4 CVEs
CVE-2026-0865: reject control characters in wsgiref headers - CVE-2025-15366: reject control characters in IMAP commands - CVE-2025-15367: reject control characters in POP3 commands - CVE-2026-1299: verify headers are sound in email BytesGenerator...
OESA-2026-1674 python-tornado security update
Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setti...
OESA-2026-1672 python-cryptography security update
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Security Fixes: This vulnerability exists in the pyca cryptography library due to missing subgroup validation for SECT curves. An attacker could exploit this to perform subgroup attacks,...
OESA-2026-1669 python-cryptography security update
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Security Fixes: This vulnerability exists in the pyca cryptography library due to missing subgroup validation for SECT curves. An attacker could exploit this to perform subgroup attacks,...
Malicious code in cfgmgr-sync (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e3f72f18351a20c172ef8154055917c9e977fe782b32a4716faed582d67f3071 The code exfiltrates content copied to clipboard content to a hardcoded location. The code is obfuscated and has a persistence mechanism. --- Category: MALICIO...
MAL-2026-2000 Malicious code in cfgmgr-sync (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e3f72f18351a20c172ef8154055917c9e977fe782b32a4716faed582d67f3071 The code exfiltrates content copied to clipboard content to a hardcoded location. The code is obfuscated and has a persistence mechanism. --- Category: MALICIO...
MAL-2026-1999 Malicious code in cfgmgr-syn (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ea20f8a566abc23f4b1d13543234fad04a3f791af173dd3dd3024bd93c3308c9 The code exfiltrates content copied to clipboard content to a hardcoded location. The code is obfuscated and has a persistence mechanism. --- Category: MALICIO...
OPENSUSE-SU-2026:20407-1 Security update for python-orjson
This update for python-orjson fixes the following issues: - CVE-2025-67221: Fixed write outsize of allocated memory on json dump bsc1257121...
SUSE-SU-2026:20920-1 Security update for python-orjson
This update for python-orjson fixes the following issues: - CVE-2025-67221: Fixed write outsize of allocated memory on json dump bsc1257121...
SUSE-SU-2026:20768-1 Security update for python311
This update for python311 fixes the following issues: Updated to Python 3.11.15: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...
SUSE-SU-2026:20919-1 Security update for python-tornado6
This update for python-tornado6 fixes the following issues: - CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service bsc1259553. - incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes bsc1259630...
SUSE-SU-2026:20761-1 Security update for python-tornado6
This update for python-tornado6 fixes the following issues: - CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service bsc1259553. - incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes bsc1259630...
OPENSUSE-SU-2026:20406-1 Security update for python-tornado6
This update for python-tornado6 fixes the following issues: - CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service bsc1259553. - incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes bsc1259630...
Malicious code in init2winit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7eb9b716534151a8d16432102f52af1e6f61f9701b86efba4294cdc0e18ceaea Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-1989 Malicious code in init2winit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7eb9b716534151a8d16432102f52af1e6f61f9701b86efba4294cdc0e18ceaea Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-1991 Malicious code in nsscache (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f799f92bcb0f24e47655a4a38d97a8981bad8f31f28f7d82a5378ae8aa0f1c74 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in nsscache (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f799f92bcb0f24e47655a4a38d97a8981bad8f31f28f7d82a5378ae8aa0f1c74 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in spatialmedia (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a092215ab076cff12b7606adbc678a0340701124b7e10d747c6b8aca8d5fed7e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in mcp-transport-proto (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a40306e4035df29c739d5073ccb341685275d5cebba588b7014898229752e11f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...