
58122 matches found

OSV
added 2026/03/06 8:50 a.m. | 33 views

BIT-PYTHON-2026-2297 SourcelessFileLoader does not use io.open_code()

The import hook in CPython that handles legacy .pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...

CVSS 5.7 | AI score 5.8 | EPSS 0.00202
Exploits: 0 | References: 7
OSV
added 2026/03/06 8:43 a.m. | 3 views

BIT-LIBPYTHON-2026-2297 SourcelessFileLoader does not use io.open_code()

The import hook in CPython that handles legacy .pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...

CVSS 5.7 | AI score 5.8 | EPSS 0.00202
Exploits: 0 | References: 7
SUSE Linux
added 2026/03/06 8:15 a.m. | 5 views

Security update for python-tornado

This update for python-tornado fixes the following issue: CVE-2025-67724: missing validation of the supplied reason phrase bsc1254903. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...

CVSS 5.4 | AI score 5.8 | EPSS 0.00185
Exploits: 0 | References: 4
OSV
added 2026/03/06 8:15 a.m. | 1 views

SUSE-SU-2026:0838-1 Security update for python-tornado

This update for python-tornado fixes the following issue: - CVE-2025-67724: missing validation of the supplied reason phrase bsc1254903...

CVSS 6.1 | AI score 5.8 | EPSS 0.00185
Exploits: 0 | References: 3
Mageia
added 2026/03/06 3:1 a.m. | 6 views

Updated python-django packages fix security vulnerability

Potential incorrect permissions on newly created file system objects. CVE-2026-25674...

CVSS 3.7 | AI score 5.9 | EPSS 0.00341
Exploits: 0 | References: 2
OSV
added 2026/03/06 3:1 a.m. | 3 views

MGASA-2026-0050 Updated python-django packages fix security vulnerability

Potential incorrect permissions on newly created file system objects. CVE-2026-25674...

CVSS 3.7 | AI score 5.9 | EPSS 0.00341
Exploits: 0 | References: 3
SUSE CVE
added 2026/03/06 12:28 a.m. | 3 views

SUSE CVE-2025-69534

Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

CVSS 7.5 | AI score 5.8 | EPSS 0.00465
Exploits: 1 | References: 6
CNNVD
added 2026/03/06 12:0 a.m. | 9 views

WindMill path traversal vulnerability

WindMill is a free, open-source tool developed by the individual developer Lukasavicus. It is used to control the execution of tasks in Python. Versions of WindMill prior to 1.603.3 contained a path traversal vulnerability. This vulnerability stemmed from the filename parameter in the getlogfile...

CVSS 7.5 | AI score 7.5 | EPSS 0.02584
Exploits: 0 | References: 3
Tenable Nessus
added 2026/03/06 12:0 a.m. | 2 views

SUSE SLES16 Security Update : python-azure-core (SUSE-SU-2026:20621-1)

The remote SUSE Linux SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:20621-1 advisory. - CVE-2026-21226: Fixed deserialization of untrusted data which may allow an authorized attacker to execute code over a network. bsc1257703 Tenable...

CVSS 7.5 | AI score 6 | EPSS 0.00776
Exploits: 0 | References: 4
Tenable Nessus
added 2026/03/06 12:0 a.m. | 7 views

Amazon Linux 2 : python-pillow, --advisory ALAS2-2026-3180 (ALAS-2026-3180)

The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3180 advisory. Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when...

CVSS 8.6 | AI score 6.1 | EPSS 0.0037
Exploits: 1 | References: 4
Tenable Nessus
added 2026/03/06 12:0 a.m. | 9 views

Amazon Linux 2 : python, --advisory ALAS2-2026-3185 (ALAS-2026-3185)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3185 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be...

CVSS 6 | AI score 6.5 | EPSS 0.0055
Exploits: 0 | References: 12
Tenable Nessus
added 2026/03/06 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-2297

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The import hook in CPython that handles legacy .pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code...

CVSS 5.7 | AI score 5.4 | EPSS 0.00202
Exploits: 0 | References: 4
Tenable Nessus
added 2026/03/06 12:0 a.m. | 3 views

RHEL 9 : python3.12 (RHSA-2026:3900)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3900 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS 7.5 | AI score 5.9 | EPSS 0.01468
Exploits: 0 | References: 5
Tenable Nessus
added 2026/03/06 12:0 a.m. | 5 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Authlib (SUSE-SU-2026:0828-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0828-1 advisory. - CVE-2025-68158: Fixed 1-click account takeover in applications that use the Authlib library bsc1256414...

CVSS 8.8 | AI score 5.8 | EPSS 0.00237
Exploits: 1 | References: 4
OPENSUSE Linux
added 2026/03/06 12:0 a.m. | 5 views

python311-joserfc-1.6.3-1.1 on GA media (moderate)

python311-joserfc-1.6.3-1.1 on GA media. Announcement ID: openSUSE-SU-2026:10293-1. Rating: moderate. Cross-References: CVE-2026-27932. Affected Products: openSUSE Tumbleweed. An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00432
Exploits: 2
OPENSUSE Linux
added 2026/03/06 12:0 a.m. | 3 views

Security update for python-joserfc (important)

openSUSE security update: security update for python-joserfc. Announcement ID: openSUSE-SU-2026:20322-1. Rating: important. References: bsc1259154. Cross-References: CVE-2026-27932. Affected Products: openSUSE Leap 16.0...

CVSS 7.5 | AI score 5.8 | EPSS 0.00432
Exploits: 2 | References: 1
Tenable Nessus
added 2026/03/06 12:0 a.m. | 10 views

Amazon Linux 2 : python3, --advisory ALAS2-2026-3184 (ALAS-2026-3184)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3184 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be...

CVSS 6 | AI score 7.2 | EPSS 0.0056
Exploits: 0 | References: 12
Tenable Nessus
added 2026/03/06 12:0 a.m. | 2 views

SUSE SLES12 Security Update : python (SUSE-SU-2026:0802-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0802-1 advisory. - CVE-2024-7592: excess CPU resource consumption in http.cookies module bsc1229596 Tenable has extracted the preceding description block directly from...

CVSS 7.5 | AI score 5.8 | EPSS 0.02303
Exploits: 1 | References: 4
Tenable Nessus
added 2026/03/06 12:0 a.m. | 3 views

Python Library OpenEXR 2.3.x / 3.x < 3.2.6 / 3.3.x < 3.3.8 / 3.4.x < 3.4.6 Heap Buffer Overflow

The version of the OpenEXR Python package installed on the remote host is 2.3.x or 3.x prior to 3.2.6, 3.3.x prior to 3.3.8, or 3.4.x prior to 3.4.6. It is, therefore, affected by a heap buffer overflow vulnerability: - In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in a...

CVSS 8.4 | AI score 6 | EPSS 0.00164
Exploits: 2 | References: 2
Tenable Nessus
added 2026/03/06 12:0 a.m. | 4 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-pip (SUSE-SU-2026:0805-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0805-1 advisory. - CVE-2026-1703: Fixed a potential path traversal in python-pip. bsc1257599 Tenable has extracted the...

CVSS 2 | AI score 5.8 | EPSS 0.0039
Exploits: 1 | References: 4