
58116 matches found

OSV
added 2026/03/17 12:51 p.m., 2 views

OPENSUSE-SU-2026:20377-1 Security update for python-maturin

This update for python-maturin fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257918...

6.8 CVSS, 5.9 AI score, 0.00291 EPSS
Exploits 0, References 2

OSV
added 2026/03/17 12:49 p.m., 1 view

SUSE-SU-2026:20748-1 Security update for python-maturin

This update for python-maturin fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257918...

6.8 CVSS, 5.8 AI score, 0.00291 EPSS
Exploits 0, References 3

RedHat Linux
added 2026/03/17 11:12 a.m., 3 views

cpython: POP3 command injection in user-controlled commands

A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server...

5.9 CVSS, 5.7 AI score, 0.00315 EPSS
Exploits 0, References 7

RedHat Linux
added 2026/03/17 11:12 a.m., 2 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

6 CVSS, 5.7 AI score, 0.0056 EPSS
Exploits 0, References 9

RedHat Linux
added 2026/03/17 11:12 a.m., 4 views

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

5.9 CVSS, 5.7 AI score, 0.00315 EPSS
Exploits 0, References 7

RedHat Linux
added 2026/03/17 10:46 a.m., 5 views

Moderate: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

6 CVSS, 5.9 AI score, 0.0056 EPSS
Exploits 0, References 5

RedHat Linux
added 2026/03/17 10:46 a.m., 3 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

6 CVSS, 5.7 AI score, 0.0056 EPSS
Exploits 0, References 9

RedHat Linux
added 2026/03/17 10:46 a.m., 3 views

cpython: POP3 command injection in user-controlled commands

A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server...

5.9 CVSS, 5.7 AI score, 0.00315 EPSS
Exploits 0, References 7

RedHat Linux
added 2026/03/17 10:46 a.m., 3 views

cpython: wsgiref.headers.Headers allows header newline injection in Python

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9 CVSS, 5.7 AI score, 0.00463 EPSS
Exploits 0, References 7

RedhatCVE
added 2026/03/17 9:49 a.m., 1 view

CVE-2026-32640

A flaw was found in the Python library, SimpleEval. A remote attacker could exploit this vulnerability by providing specially crafted input that allows dangerous modules or functions to be accessed outside of the intended sandbox environment. This could lead to arbitrary code execution within the...

9.8 CVSS, 6.3 AI score, 0.0046 EPSS
Exploits 0, References 4

OSSF Malicious Packages
added 2026/03/17 9:06 a.m., 3 views

Malicious code in robloxapi-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ff27677fd14eddf36fd58fee0bb539ef89fd596e83450c68f8dc0436350abfd6 Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...

6.1 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2026/03/17 6:44 a.m., 3 views

Malicious code in robloxapi-testy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f0221b6839d8882a9275e177ae71c7bed9cc15a96800e4cead5766c67f0dd042 Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...

6.1 AI score
Exploits 0, References 1

OSV
added 2026/03/17 6:44 a.m., 3 views

MAL-2026-1496 Malicious code in robloxapi-testy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f0221b6839d8882a9275e177ae71c7bed9cc15a96800e4cead5766c67f0dd042 Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...

6.1 AI score
Exploits 0, References 1

EUVD
added 2026/03/17 6:31 a.m., 3 views

EUVD-2026-12536

A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function getabspath of the file python/helpers/files.py. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been released to the public and may be...

5.3 CVSS, 5.5 AI score, 0.00357 EPSS
Exploits 0, References 5

NVD
added 2026/03/17 4:16 a.m., 3 views

CVE-2026-4307

A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function getabspath of the file python/helpers/files.py. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been released to the public and may be...

5.3 CVSS, 0.00357 EPSS
Exploits 0, References 4

Vulnrichment
added 2026/03/17 4:02 a.m., 3 views

CVE-2026-4308 frdel/agent0ai agent-zero document_query.py handle_pdf_document server-side request forgery

A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been made available ...

6.5 CVSS, 5.5 AI score, 0.00201 EPSS
Exploits 0, References 5

Oracle linux
added 2026/03/17 12:00 a.m., 7 views

python3.12 security update

3.12.12-3.0.1.el101.1 - Remove upstream URL reference 3.12.12-3.1 - Security fixes for CVE-2026-0865, CVE-2025-15366, CVE-2025-15367 and CVE-2026-1299 Resolves: RHEL-143054 RHEL-143105 RHEL-144852...

6 CVSS, 5.8 AI score, 0.0056 EPSS
Exploits 0

Positive Technologies
added 2026/03/17 12:00 a.m., 5 views

PT-2026-25871

A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get abs path of the file python/helpers/files.py. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been released to the public and may be...

5.3 CVSS, 5.5 AI score, 0.00357 EPSS
Exploits 0, References 5

OSV
added 2026/03/17 12:00 a.m., 2 views

OPENSUSE-SU-2026:10381-1 python311-3.11.15-2.1 on GA media

These are all security issues fixed in the python311-3.11.15-2.1 package on the GA media of openSUSE Tumbleweed...

5.7 CVSS, 5.8 AI score, 0.00202 EPSS
Exploits 0, References 1

OSV
added 2026/03/17 12:00 a.m., 5 views

ALSA-2026:4713 Moderate: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

6 CVSS, 7.2 AI score, 0.0056 EPSS
Exploits 0, References 10