SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization

SGLangs replayrequestdump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script...

GHSA-HVWJ-8W5G-28RG SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization

SGLangs replayrequestdump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script...

python3.11 security update

An update is available for python3.11. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...

RLSA-2026:4216 Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVE-2026-3989

CVE-2026-3989 affects SGLangs replay_request_dump.py, where an insecure pickle.load() is used without validation. The underlying issue is improper deserialization, enabling execution of attacker-supplied code when a malicious .pkl file is provided to the script. The CVE’s metrics indicate a high-...

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Security update for python36

This update for python36 fixes the following issues: CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator bsc1257181. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

SUSE-SU-2026:0884-1 Security update for python36

This update for python36 fixes the following issues: - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator bsc1257181...

RHSA-2026:4216 Red Hat Security Advisory: python3.11 security update

Bulletin has no description...

Python_Paylod_Exploit

No d...

[SECURITY] Fedora 44 Update: python-lxml-html-clean-0.4.4-1.fc44

HTML cleaner from lxml project...

python-multipart 安全漏洞

python-multipart is a Python-based streaming multipart parser developed by Marcelo Trylesinski. Versions prior to 1.2.2, 1.3.1, and 1.4.0-dev contained security vulnerabilities. These vulnerabilities stemmed from the use of ambiguous regular expressions in the parseoptionsheader function, which...

python3.11 security update

3.11.13-5.0.1 - Update rpm-macros description Orabug: 36024572 3.11.13-5 - Security fixes for CVE-2026-0865, CVE-2025-15366, CVE-2025-15367 and CVE-2026-1299 Resolves: RHEL-143064 Resolves: RHEL-143121 Resolves: RHEL-144861...

python3.12 security update

3.12.12-3 - Security fixes for CVE-2026-0865, CVE-2025-15366, CVE-2025-15367 and CVE-2026-1299 Resolves: RHEL-143065 Resolves: RHEL-143122 Resolves: RHEL-144862...

Black 路径遍历漏洞

Black is a Python code formatting tool open-sourced by the Python Software Foundation. Versions of Black prior to 26.3.1 had a path traversal vulnerability. This vulnerability stemmed from the value of the “python-cell-magics” option, which did not clean up cache file names. As a result, it was...

RHEL 8 : python3.11 (RHSA-2026:4473)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4473 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

MiracleLinux 9 : python3.11-3.11.13-5.1.el9_7 (AXSA:2026-297:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-297:05 advisory. cpython: IMAP command injection in user-controlled commands CVE-2025-15366 cpython: POP3 command injection in user-controlled commands CVE-2025-15367...

Fedora 44 : python-lxml-html-clean (2026-f46fc594f3)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f46fc594f3 advisory. Security update for python-lxml-html-clean Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

AEGIS: No Tool Call Left Unchecked -- a Pre-Execution Firewall and Audit Layer for AI Agents

AI agents increasingly act through external tools: they query databases, execute shell commands, read and write files, and send network requests. Yet in most current agent stacks, model-generated tool calls are handed to the execution layer with no framework-agnostic control point in between...

ALSA-2026:4473 Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...