58123 matches found

Tenable Nessus
added 2026/03/06 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-69534

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError...

CVSS 7.5, AI score 7.3, EPSS 0.00465
Exploits: 1, References: 3

Tenable Nessus
added 2026/03/06 12:0 a.m., 2 views

SUSE SLES16 Security Update : python-azure-core (SUSE-SU-2026:20617-1)

The remote SUSE Linux SLES16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:20617-1 advisory. - CVE-2026-21226: Fixed deserialization of untrusted data which may allow an authorized attacker to execute code over a network. bsc1257703 Tenable ha...

CVSS 7.5, AI score 6, EPSS 0.00776
Exploits: 0, References: 4

Tenable Nessus
added 2026/03/06 12:0 a.m., 6 views

Amazon Linux 2023 : python3-jwt, python3-jwt+crypto (ALAS2023-2026-1467)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1467 advisory. pyjwt v2.10.1 was discovered to contain weak encryption. CVE-2025-45768 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has no...

CVSS 7, AI score 5.8, EPSS 0.00153
Exploits: 0, References: 4

Tenable Nessus
added 2026/03/06 12:0 a.m., 1 view

RHEL 9 : python3.12 (RHSA-2026:3897)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3897 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS 7.5, AI score 7.2, EPSS 0.01468
Exploits: 0, References: 5

Tenable Nessus
added 2026/03/06 12:0 a.m., 5 views

Amazon Linux 2023 : python3-pillow, python3-pillow-devel, python3-pillow-tk (ALAS2023-2026-1452)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1452 advisory. Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1. CVE-2026-2599...

CVSS 8.6, AI score 6.1, EPSS 0.0037
Exploits: 1, References: 4

OPENSUSE Linux
added 2026/03/06 12:0 a.m., 5 views

python311-joserfc-1.6.3-1.1 on GA media (moderate)

python311-joserfc-1.6.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10293-1 Rating: moderate Cross-References: CVE-2026-27932 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

CVSS 7.5, AI score 5.8, EPSS 0.00432
Exploits: 2

OPENSUSE Linux
added 2026/03/06 12:0 a.m., 3 views

Security update for python-joserfc (important)

openSUSE security update: security update for python-joserfc ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20322-1 Rating: important References: bsc1259154 Cross-References: CVE-2026-27932 Affected Products: openSUSE Leap 16.0...

CVSS 7.5, AI score 5.8, EPSS 0.00432
Exploits: 2, References: 1

OpenVAS
added 2026/03/06 12:0 a.m., 3 views

openSUSE Security Advisory (SUSE-SU-2026:0805-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 2, AI score 5.8, EPSS 0.0039
Exploits: 1, References: 4

OpenVAS
added 2026/03/06 12:0 a.m., 1 view

Mageia: Security Advisory (MGASA-2026-0050)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 3.7, AI score 5.8, EPSS 0.00341
Exploits: 0, References: 4

vulnersOsv
added 2026/03/05 10:1 p.m., 4 views

admet-workbench (>=0.1.0 <=0.1.1), agent-gpt-aws (>=0.4.4 <=0.9.5) +53 more potentially affected by unknown CVE via sagemaker-core (=2.12.0)

sagemaker-core PYPI version =2.12.0 is affected by a known vulnerability. The following packages have a transitive dependency on sagemaker-core and may be impacted: - admet-workbench =0.1.0, =0.4.4, =1.3.16, =0.0.2, =0.1.13, =0.1.0, =0.4.0, =1.0.1, =0.4.0, =0.1.12, =0.1.0, =0.2.7 and more Source...

AI score 5.5
Exploits: 0

Github Security Blog
added 2026/03/05 10:1 p.m., 10 views

SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality

Summary This advisory addresses the use of the searchhub function within the SageMaker Python SDK's JumpStart search functionality. An actor with the ability to control query parameters passed to the searchhub function could potentially provide malformed input that causes the eval function to...

AI score 6.5
Exploits: 0, References: 4, Affected Software: 1

Github Security Blog
added 2026/03/05 9:42 p.m., 9 views

mcp-memory-service Vulnerable to System Information Disclosure via Health Endpoint

Summary The /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When MCPALLOWANONYMOUSACCESS=true is set required for the HTTP server to function without OAuth/API key,...

CVSS 5.3, AI score 6, EPSS 0.00369
Exploits: 1, References: 4, Affected Software: 1

vulnersOsv
added 2026/03/05 9:11 p.m., 5 views

adxp-cli (>=0.1.1 <=0.1.21), ag-ui-langgraph (>=0.0.14 <=0.0.29) +114 more potentially affected by CVE-2026-28277 via langgraph (>=1.0.0 <=1.0.10)

langgraph PYPI version =1.0.0, =0.1.1, =0.0.14, =0.0.2, =0.1.0, =0.2.1, =0.1.0, =0.1.0, =0.0.48, =0.0.54, =0.1.2, =0.1.4, =0.2.0 - chatlas-frontend =1.0.0 and more Source cves: CVE-2026-28277 Source advisory: SNYK:PYTHON-LANGGRAPH-15433492...

CVSS 7.2, AI score 5.4, EPSS 0.00427
Exploits: 0

vulnersOsv
added 2026/03/05 8:48 p.m., 2 views

01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +933 more potentially affected by CVE-2026-0848 via nltk (>=3.0.0 <=3.9.2)

nltk PYPI version =3.0.0, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-0848 Source advisory: SNYK:PYTHON-NLTK-15763329...

CVSS 10, AI score 7.7, EPSS 0.00777
Exploits: 3

vulnersOsv
added 2026/03/05 8:19 p.m., 2 views

a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +369 more potentially affected by CVE-2026-28277 via langgraph (>=0.1.15 <=1.0.1)

langgraph PYPI version =0.1.15, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.0.1, =2.1.7, =0.0.2, =0.0.1, =0.1.1, =0.1.2, =0.0.4, =0.5.5 and more Source cves: CVE-2026-28277 Source advisory: OSV:GHSA-G48C-2WQR-H844...

CVSS 7.2, AI score 5.4, EPSS 0.00427
Exploits: 0

RedhatCVE
added 2026/03/05 6:56 p.m., 5 views

CVE-2025-69534

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

CVSS 8.2, AI score 5.7, EPSS 0.00465
Exploits: 1, References: 6

Github Security Blog
added 2026/03/05 6:20 p.m., 4 views

xgrammar vulnerable to DoS via multi-layer nesting

Summary The multi-level nested syntax caused a segmentation fault core dump. Details A trigger stack overflow or memory exhaustion was caused by constructing a malicious grammar rule containing 30,000 layers of nested parentheses. PoC !/usr/bin/env python3 """ XGrammar - Math Expression Generatio...

CVSS 8.7, AI score 5.9, EPSS 0.00421
Exploits: 1, References: 4, Affected Software: 1

vulnersOsv
added 2026/03/05 3:30 p.m., 3 views

01os (=0.0.14), 10xscale-agentflow-cli (>=0.3.0 <=0.3.1) +11385 more potentially affected by CVE-2025-69534 via markdown (>=3.0.0 <=3.8.0)

markdown PYPI version =3.0.0, =0.3.0, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 - aait-store-cut-part-002 =0.0.1 and more Source cves: CVE-2025-69534 Source advisory: SNYK:PYTHON-MARKDOWN-15428352...

CVSS 7.5, AI score 7.7, EPSS 0.00465
Exploits: 1

EUVD
added 2026/03/05 3:30 p.m., 3 views

EUVD-2025-208312

Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

AI score 6, EPSS 0.00465
Exploits: 1, References: 4

Github Security Blog
added 2026/03/05 3:30 p.m., 12 views

Python-Markdown has an Uncaught Exception

Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

CVSS 7.5, AI score 6, EPSS 0.00465
Exploits: 1, References: 8, Affected Software: 1