RockyLinux 9 : python3.9 (RLSA-2026:4168)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:4168 advisory. cpython: IMAP command injection in user-controlled commands CVE-2025-15366 cpython: POP3 command injection in user-controlled commands CVE-2025-15367...
Oracle Linux 9 : python3.12 (ELSA-2026-4165)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4165 advisory. 3.12.12-4.0.1.el97.1 - Remove upstream URL reference 3.12.12-4.1 - Security fixes for CVE-2026-0865, CVE-2025-15366, CVE-2025-15367 and CVE-2026-1299...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Flask (SUSE-SU-2026:0849-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0849-1 advisory. This update for python-Flask fixes the following issue: - CVE-2026-27205: information disclosure due to...
openSUSE 15 Security Update : python-Markdown (SUSE-SU-2026:0846-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0846-1 advisory. This update for python-Markdown fixes the following issue: - CVE-2025-69534: incomplete markup declaration in raw HTML can crash applications that process...
CVE-2026-1703 affecting package python-pip for versions less than 24.2-6
CVE-2026-1703 affecting package python-pip for versions less than 24.2-6. A patched version of the package is available...
CVE-2026-1299 affecting package python3 for versions less than 3.12.9-9
CVE-2026-1299 affecting package python3 for versions less than 3.12.9-9. A patched version of the package is available...
CVE-2026-22702 affecting package python-virtualenv for versions less than 20.36.1-1
CVE-2026-22702 affecting package python-virtualenv for versions less than 20.36.1-1. An upgraded version of the package is available that resolves this issue...
cpython: IMAP command injection in user-controlled commands
A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...
Moderate: Red Hat Security Advisory: python3.11 security update
An update for python3.11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
cpython: POP3 command injection in user-controlled commands
A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server...
cpython: email header injection due to unquoted newlines
A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...
CVE-2026-31826
pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...
Security Bulletin: Vulnerabilities in MongoDB, Python, Node.js, Golang Go, Linux kernel affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in MongoDB, Python, Node.js, Golang Go and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, query parameter smuggling, remote execution of...
MAL-2026-1325 Malicious code in synapseml-utils (PyPI)
Source: kam193 4ddf16f7a9941918ea74e21a3742e8f03d7b5c6f5720d7d031d2c69f8d6495c3 Installing the package starts encrypting the user's file and demanding ransom for the decryption. Category: MALICIOUS - The campaign has clearly malicious...
Security update for python-maturin
This update for python-maturin fixes the following issue: CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257918. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate ...
SUSE-SU-2026:0860-1 Security update for python-maturin
This update for python-maturin fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257918...
Exploit for CVE-2026-2472
🚨 CVE-2026-2472-Vertex-AI-SDK-Google-Cloud - Simple Proof of C...
GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable
CVE-2026-26030 is a Remote Code Execution vulnerability that has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality. GitHub created this CVE on their behalf. This document incorporates...
Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. CVE-2025-69224: Fixed unicode processing of header values could cause...
cpython: wsgiref.headers.Headers allows header newline injection in Python
Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...