58123 matches found

Packet Storm
added 2026/03/03 12:0 a.m. | 119 views

📄 libvips 8.19.0 VIPS Image Extraction Crash / Auditor

This Python script performs a comprehensive security and stability audit of the vips image processing binary. It tests the extractarea function using extreme int32 and uint32 values as well as normal ranges to detect crashes, memory corruption, or buffer overflows. The audit automates setup,...

AI score 6
Exploits: 0
Tenable Nessus
added 2026/03/03 12:0 a.m. | 6 views

Oracle Linux 9 : python-pyasn1 (ELSA-2026-3359)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-3359 advisory. 0.4.8-7 - Resolves: RHEL-148154 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

CVSS 7.5 | AI score 6 | EPSS 0.00491
Exploits: 0 | References: 2
Tenable Nessus
added 2026/03/03 12:0 a.m. | 2 views

MiracleLinux 9 : python-pyasn1-0.4.8-7.el9_7 (AXSA:2026-225:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-225:01 advisory. pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID CVE-2026-23490 Tenable has extracted the preceding description block...

CVSS 7.5 | AI score 6 | EPSS 0.00491
Exploits: 0 | References: 2
Broadcom
added 2026/03/03 12:0 a.m. | 16 views

Protobuf Pure-Python backend can be corrupted by exceeding the Python recursion limit

Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...

CVSS 8.2 | AI score 6 | EPSS 0.00281
Exploits: 0
OpenVAS
added 2026/03/03 12:0 a.m. | 5 views

Fedora: Security Advisory (FEDORA-2026-0d673fa503)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.6 | AI score 6 | EPSS 0.0037
Exploits: 1 | References: 4
Tenable Nessus
added 2026/03/03 12:0 a.m. | 6 views

Fedora 42 : python3.15 (2026-10af0bfadd)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-10af0bfadd advisory. New alpha release of Python 3.15 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CVSS 6 | AI score 6 | EPSS 0.0056
Exploits: 0 | References: 8
Tenable Nessus
added 2026/03/03 12:0 a.m. | 4 views

RockyLinux 10 : python-pyasn1 (RLSA-2026:3354)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:3354 advisory. pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID CVE-2026-23490 Tenable has extracted the preceding description block...

CVSS 7.5 | AI score 6 | EPSS 0.00491
Exploits: 0 | References: 3
Tenable Nessus
added 2026/03/03 12:0 a.m. | 5 views

Debian dsa-6150 : python-django-doc - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6150 advisory. Debian Security Advisory DSA-6150-1 [email protected]...

CVSS 7.5 | AI score 6 | EPSS 0.03204
Exploits: 2 | References: 15
Tenable Nessus
added 2026/03/03 12:0 a.m. | 2 views

Oracle Linux 10 : python-pyasn1 (ELSA-2026-3354)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-3354 advisory. 0.6.2-1 - Update to 0.6.2 - Update modules to 0.4.2 Resolves: RHEL-148142 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS 7.5 | AI score 6 | EPSS 0.00491
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/03/02 11:51 p.m. | 8 views

Malicious code in roku-aihub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 19b48d460fde1b6b9802a2f2b7d93928f89b0474235adc54553971ed4575e5df Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 6.1
Exploits: 0 | References: 1
OSV
added 2026/03/02 11:51 p.m. | 4 views

MAL-2026-1144 Malicious code in roku-aihub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 19b48d460fde1b6b9802a2f2b7d93928f89b0474235adc54553971ed4575e5df Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 6.1
Exploits: 0 | References: 1
vulnersOsv
added 2026/03/02 7:19 p.m. | 2 views

ailingo (>=0.2.0 <=0.4.0), async-scrape (>=0.1.19 <=0.1.20) +30 more potentially affected by CVE-2026-28348 via lxml-html-clean (>=0.1.0 <=0.4.3)

lxml-html-clean PYPI version =0.1.0, =0.2.0, =0.1.19, =0.3.1, =0.0.550, =0.1.0, =0.0.7, =0.2.0, =2.2.16, =0.9.0, =0.0.9, =0.6.0, =0.2.0, =0.2.3 and more Source cves: CVE-2026-28348 Source advisory: SNYK:PYTHON-LXMLHTMLCLEAN-15369490...

CVSS 6.1 | AI score 5.4 | EPSS 0.00228
Exploits: 1
vulnersOsv
added 2026/03/02 7:19 p.m. | 2 views

ailingo (>=0.2.0 <=0.4.0), async-scrape (>=0.1.19 <=0.1.20) +30 more potentially affected by CVE-2026-28348 via lxml-html-clean (>=0.1.0 <=0.4.3)

lxml-html-clean PYPI version =0.1.0, =0.2.0, =0.1.19, =0.3.1, =0.0.550, =0.1.0, =0.0.7, =0.2.0, =2.2.16, =0.9.0, =0.0.9, =0.6.0, =0.2.0, =0.2.3 and more Source cves: CVE-2026-28348 Source advisory: OSV:GHSA-HW26-MMPG-FQFG...

CVSS 6.1 | AI score 5.4 | EPSS 0.00228
Exploits: 1
OSV
added 2026/03/02 6:48 p.m. | 3 views

MAL-2026-1140 Malicious code in heimdal-credentials (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 44b549b64558430b61d35bb2eb2cfcf8ec15d75bacb38af8f34deafe5d6add2c During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...

AI score 6.2
Exploits: 0 | References: 1
OSV
added 2026/03/02 6:48 p.m. | 2 views

MAL-2026-1143 Malicious code in wisecloudsecrets (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e4ed4357b3e8038ef404e043cc63aafe6484b20d94267c4f024a27d840a4a2fc During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...

AI score 6.2
Exploits: 0 | References: 1
vulnersOsv
added 2026/03/02 6:47 p.m. | 0 views

did-sdk-python (>=1.0.0 <=1.1.3), django-ninja-aio-crud (>=1.0.5 <=2.32.0) +7 more potentially affected by CVE-2026-27932 via joserfc (>=1.0.0 <=1.6.1)

joserfc PYPI version =1.0.0, =1.0.0, =1.0.5, =2.1.1, =3.0.2, =0.21.2, =0.6.0, =0.9.0, =0.1.0, =0.5.0rc2 Source cves: CVE-2026-27932 Source advisory: SNYK:PYTHON-JOSERFC-15369129...

CVSS 7.5 | AI score 5.4 | EPSS 0.00432
Exploits: 2
vulnersOsv
added 2026/03/02 6:47 p.m. | 4 views

did-sdk-python (>=1.0.0 <=1.1.3), django-ninja-aio-crud (>=1.0.5 <=2.32.0) +9 more potentially affected by CVE-2026-27932 via joserfc (>=0.9.0 <=1.6.1)

joserfc PYPI version =0.9.0, =1.0.0, =1.0.5, =2.5.0, =2.0.0, =3.0.2, =0.1.3, =0.18.1, =0.1.0, =0.9.0, =0.1.0, =0.5.0rc2 Source cves: CVE-2026-27932 Source advisory: OSV:GHSA-W5R5-M38G-F9F9...

CVSS 7.5 | AI score 5.4 | EPSS 0.00432
Exploits: 2
RedhatCVE
added 2026/03/02 10:52 a.m. | 4 views

CVE-2026-28414

A flaw was found in Gradio. When running on Windows with Python 3.13 or later, an absolute path traversal vulnerability allows unauthenticated attackers to read arbitrary files from the file system. This occurs because a change in Python's os.path.isabs definition causes Gradio's path joining log...

CVSS 7.5 | AI score 5.9 | EPSS 0.03095
Exploits: 1 | References: 2
GithubExploit
added 2026/03/02 10:34 a.m. | 216 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

SBOM CVE Scanner - Enhanced Edition A comprehensive Python to...

CVSS 10 | AI score 7.3 | EPSS 0.99999
Exploits: 345
OSV
added 2026/03/02 9:36 a.m. | 8 views

CLSA-2026-1772444161 python2: Fix of 2 CVEs

CVE-2026-1299: raise exceptions for malformed input to prevent processing invalid or dangerous headers - CVE-2024-6923: encode newlines in headers and verify headers are sound...

CVSS 6 | AI score 6.8 | EPSS 0.00737
Exploits: 0 | References: 1