USN-8018-3: Python 2.7 vulnerabilities
USN-8018-1 fixed CVE-2025-12084, CVE-2025-15282, CVE-2026-0672, CVE-2026-0865 for python3. This update provides the corresponding updates for python2.7. Original advisory details: Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this iss...
USN-8018-3 python2.7 vulnerabilities
USN-8018-1 fixed CVE-2025-12084, CVE-2025-15282, CVE-2026-0672, CVE-2026-0865 for python3. This update provides the corresponding updates for python2.7. Original advisory details: Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this iss...
EUVD-2025-208848
A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of tarfile.extractall without path validation enables crafted tar.gz files containing .. or absolute paths to escape the intended extractio...
RHEL 8 : python3.11 (RHSA-2026:5152)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5152 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
AlmaLinux 8 : python3.11 (ALSA-2026:4473)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4473 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: IMAP command injection in user-controlled commands...
VulnCheck KEV: CVE-2026-33017
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...
SUSE SLES15 Security Update : 389-ds (SUSE-SU-2026:0915-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0915-1 advisory. Update to LTS branch 2.7 (jsc#PED-14342): - CVE-2025-14905: Fixed heap buffer overflow due to improper size calculation in schemaattrenumcallba...
openSUSE 16 Security Update : python-Django (openSUSE-SU-2026:20373-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20373-1 advisory. Changes in python-Django: - CVE-2026-25674: Fixed race condition which can lead to potential incorrect permissions on newly created file system objects...
Cross-Ecosystem Vulnerability Analysis for Python Applications
Python applications depend on native libraries that may be vendored within package distributions or installed on the host system. When vulnerabilities are discovered in these libraries, determining which Python packages are affected requires cross-ecosystem analysis spanning Python dependency...
Linux Distros Unpatched Vulnerability : CVE-2026-32722
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports...
python311-uv-0.10.11-1.1 on GA media (moderate)
python311-uv-0.10.11-1.1 on GA media Announcement ID: openSUSE-SU-2026:10380-1 Rating: moderate Cross-References: CVE-2026-31812 CVSS scores: CVE-2026-31812 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-31812 SUSE : 6.9...
openSUSE 16 Security Update : python-PyPDF2 (openSUSE-SU-2026:20375-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20375-1 advisory. Changes in python-PyPDF2: - CVE-2025-31826: Fixed denial of service due to excessive memory consumption via crafted PDF (bsc#1259508). Tenable has extracte...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2026-1640)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2026-1631)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
OPENSUSE-SU-2026:10393-1 python311-pyasn1-0.6.3-1.1 on GA media
These are all security issues fixed in the python311-pyasn1-0.6.3-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10392-1 python311-pyOpenSSL-26.0.0-1.1 on GA media
These are all security issues fixed in the python311-pyOpenSSL-26.0.0-1.1 package on the GA media of openSUSE Tumbleweed...
DEBIAN-CVE-2026-32722
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
CVE-2026-32722
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
UBUNTU-CVE-2026-32722
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +939 more potentially affected by CVE-2026-33230 via nltk (>=2.0.4 <=3.9.3)
nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-33230 Source advisory: OSV:GHSA-GFWX-W7GR-FVH7...