58121 matches found
MAL-2026-1291 Malicious code in requests-lite (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d343c918303c251cdef262a6e1cbdff6ae797cf56115a81cfa5449732395b63b Clone of a legitimate requests library. The hidden code runs when using the requests functionality and starts a Telegram bot awaiting for remote commands. ---...
Security update for python-Flask
This update for python-Flask fixes the following issue: CVE-2026-27205: information disclosure due to Flask session not adding the Vary: Cookie header bsc1258700. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2026:0849-1 Security update for python-Flask
This update for python-Flask fixes the following issue: - CVE-2026-27205: information disclosure due to Flask session not adding the Vary: Cookie header bsc1258700...
MAL-2026-1290 Malicious code in remjsonparse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e478d1e016f1d6d6d1cb4a9d23ac45449c22d99aa8e71c88d2f38fae8951f23f During import, package starts advanced compromise actions: exfiltrates AWS and git credentials, commands history, security tools in use. After that, the code...
USN-8018-2: Python regression
USN-8018-1 fixed vulnerabilities in python3. That update introduced regressions. The patches for CVE-2025-15366 and CVE-2025-15367 caused behavior regressions in IMAP and POP3 handling, which upstream chose to avoid by not backporting them. Additionally, the patch for CVE-2026-0865 incorrectly...
USN-8018-2 python3.4, python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, python3.14 regression
USN-8018-1 fixed vulnerabilities in python3. That update introduced regressions. The patches for CVE-2025-15366 and CVE-2025-15367 caused behavior regressions in IMAP and POP3 handling, which upstream chose to avoid by not backporting them. Additionally, the patch for CVE-2026-0865 incorrectly...
CVE-2026-29787
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When...
python3 security update
3.6.8-21.0.7 - Security update CVE-2025-12084 Orabug: 38971895 3.6.8-21.0.5 - tarfile now validates archives to ensure member offsets are non-negative Orabug: 38442771CVE-2025-8194 3.6.8-21.0.3 - Fix DoS parsing crafted tarfile headers Orabug: 37626372CVE-2024-6232 - Disable testsocket in the PGO...
OPENSUSE-SU-2026:10312-1 python311-pymongo-4.16.0-1.1 on GA media
These are all security issues fixed in the python311-pymongo-4.16.0-1.1 package on the GA media of openSUSE Tumbleweed...
Fedora: Security Advisory (FEDORA-2026-9d9161bac3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2026-cfa488b1ac)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2026-489dc1bc1b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2026:0821-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-8077-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2026-ef5d97522f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2026:20591-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2026:0828-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Malicious code in aioutil3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cb06e8bed4bc80c83b203abcee07556086a0c41f2b52d72d4a3b3740ddfa95d0 This is a malicious clone of legitimate python-utils. The modified code introduces a function that silently exfiltrates given data to a hardcoded location. Wha...
MAL-2026-1289 Malicious code in aioutil3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cb06e8bed4bc80c83b203abcee07556086a0c41f2b52d72d4a3b3740ddfa95d0 This is a malicious clone of legitimate python-utils. The modified code introduces a function that silently exfiltrates given data to a hardcoded location. Wha...
Malicious code in arnavtest123 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d77a638a8dbd52def0458fe1227c5dd5491bc8fedb0ae9e50f28eed74e4ef89d During installation, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...