RockyLinux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2023:5998)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5998 advisory. python: TLS handshake bypass CVE-2023-40217 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that Nessus...
RockyLinux 8 : python27:2.7 (RLSA-2023:7042)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:7042 advisory. python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has extracted the preceding description block directly from the RockyLinux...
EulerOS Virtualization 2.10.1 : python-pip (EulerOS-SA-2026-1544)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn'...
EulerOS Virtualization 2.13.1 : python-pip (EulerOS-SA-2026-1640)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn'...
RockyLinux 8 : python27:2.7 (RLSA-2023:5994)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5994 advisory. python: TLS handshake bypass CVE-2023-40217 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that Nessus...
Security update for python-simpleeval (important)
openSUSE Security Update: Security update for python-simpleeval Announcement ID: openSUSE-SU-2026:0086-1 Rating: important References: 1259685 Cross-References: CVE-2026-32640 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: Th...
Security update for python-PyPDF2 (moderate)
openSUSE security update: security update for python-pypdf2. Announcement ID: openSUSE-SU-2026:20375-1 Rating: moderate References: bsc1259508 Cross-References: CVE-2026-31826 Affected Products: openSUSE Leap 16.0...
CVE-2026-27448 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to set_tlsext_servername_callback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...
CVE-2026-27448
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to set_tlsext_servername_callback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...
Malicious code in anistream (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 57e4902ca2172a78b93acf6ec1413ab098e72c158dc1ab74c3a84f28f50382f1 Package hides code that downloads and runs malware, likely an infostealer. The code is not directly called in the package suggesting it's a dependency or next...
MAL-2026-1499 Malicious code in anistream (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 57e4902ca2172a78b93acf6ec1413ab098e72c158dc1ab74c3a84f28f50382f1 Package hides code that downloads and runs malware, likely an infostealer. The code is not directly called in the package suggesting it's a dependency or next...
Security Bulletin: AIX/VIOS Python is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)
Summary Vulnerabilities in Python could cause a null pointer dereference CVE-2026-24515 or an integer overflow CVE-2026-25210. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2026-24515 DESCRIPTION: In libexpat before 2.7.4,...
aana (>=0.2.1 <=0.2.4), abao-ai (=0.0.5) +1083 more potentially affected by CVE-2026-32981 via ray (>=0.5.0 <=2.8.0)
ray PYPI version =0.5.0, =0.2.1, =0.0.6, =0.0.1b1, =0.1.1, =0.2.0, =0.0.2, =0.1.1, =0.2.0, =0.0.1, =0.0.0, =0.2.11 and more Source cves: CVE-2026-32981 Source advisory: OSV:PYSEC-2026-130...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182RCEExploit REC Exploit is a Python-based secur...
Exploit for Path Traversal in Python Setuptools
HackTheBox - VariaType Machine Writeup...
MAL-2026-1498 Malicious code in telegramdatas (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 742799f83f7140514aa9a55c3f3efb5142ab1eaef68317a40e23a8f261e22b71 During import, an infostealer embedded as package resource is started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
OPENSUSE-SU-2026:20375-1 Security update for python-PyPDF2
This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2025-31826: Fixed denial of service due to excessive memory consumption via crafted PDF bsc1259508...
AIX Python is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)
IBM SECURITY ADVISORY First Issued: Tue Mar 17 15:18:12 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/pythonadvisory18.asc Security Bulletin: AIX Python is vulnerable to a null pointer dereference CVE-2026-24515 and an intege...
Uncontrolled recursion DoS in JustHTML() via deeply nested HTML
Summary justhtml through 1.9.1 allows denial of service via deeply nested HTML. During parsing, JustHTML.init always reaches TreeBuilder.finish, which unconditionally calls populateselectedcontent. That function recursively traverses the DOM via findelements / findelement without a depth bound,...
OPENSUSE-SU-2026:20373-1 Security update for python-Django
This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-25674: Fixed race condition which can lead to potential incorrect permissions on newly created file system objects bsc1259142...