58129 matches found
EUVD-2026-8819
Langflow has Remote Code Execution in CSV Agent...
GHSA-3645-FXCV-HQR4 Langflow has Remote Code Execution in CSV Agent
Summary: The CSV Agent node in Langflow hardcodes allow_dangerous_code=True, which automatically exposes LangChain’s Python REPL tool (python_repl_ast). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE)...
Security Bulletin: Multiple Vulnerabilities in IBM Data Product Hub
Summary Multiple vulnerabilities were addressed in IBM Data Product Hub version 5.3.1 Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content...
MAL-2026-1064 Malicious code in cicd-ppe-redteam-test02 (PyPI)
Source: kam193 14adb6733ca8f958770b9766a7f255fbd8562886dce3b42cee772eac50e52d0f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
MAL-2026-1063 Malicious code in cicd-ppe-redteam-test01 (PyPI)
Source: kam193 5ff0b643e9e96817244b6499fdbcfd26b6c26cf366980909a6461e4c15b389fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
CLSA-2026-1772192033 python2: Fix of 2 CVEs
CVE-2026-1299: raise exceptions for malformed input to prevent processing invalid or dangerous headers - CVE-2024-6923: encode newlines in headers and verify headers are sound...
CVE-2026-27952
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
[SECURITY] Fedora 42 Update: python3.15-3.15.0~a6-1.fc42
Python 3.15 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.15 package provides the "python3.15" executable:...
[SECURITY] Fedora 43 Update: python3.15-3.15.0~a6-1.fc43
Python 3.15 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.15 package provides the "python3.15" executable:...
pypdf resource management error vulnerability
pypdf is an open-source, free Python library for handling PDF files. It allows for splitting, merging, cropping, and converting pages within PDF files. Prior to version 6.7.4 of pypdf, there was a resource management vulnerability due to improper handling of specially crafted PDF files during...
Gradio security vulnerability
Gradio is an open-source Python library developed by Google. It provides a user-friendly web interface for demonstrating machine learning models. Prior to version 6.7, Gradio had a security vulnerability. This vulnerability stemmed from changes in the definition of os.path.isabs in Python 3.13+,...
PT-2026-22409
Name of the Vulnerable Software and Affected Versions Gradio versions prior to 6.7 Description Gradio is a Python package for prototyping applications. Applications running on Windows with Python 3.13 and later are susceptible to an absolute path traversal issue. A change in Python 3.13+ altered...
Moderate Photon OS Security Update - PHSA-2026-4.0-0971
Updates of 'python3-filelock' packages of Photon OS have been released...
SUSE SLED15 / SLES15 Security Update : protobuf (SUSE-SU-2026:0618-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0618-1 advisory. - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173). Tenable...
Debian: Security Advisory (DSA-6150-1)
The remote host is missing an update for the Debian...
openSUSE Security Advisory (SUSE-SU-2026:0635-1)
The remote host is missing an update for the...
python311-Flask-3.1.3-1.1 on GA media (moderate)
python311-Flask-3.1.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10264-1 Rating: moderate Cross-References: CVE-2026-27205 CVSS scores: CVE-2026-27205 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2026-27205 SUSE : 6...
Security update for python-urllib3_1 (moderate)
openSUSE security update: security update for python-urllib3_1. Announcement ID: openSUSE-SU-2026:20271-1 Rating: moderate References: bsc#1254866 bsc#1254867 bsc#1256331 Cross-References: CVE-2025-66418 CVE-2025-66471 CVE-2026-21441 CVSS...
python: Fix of 2 CVEs
CVE-2018-1060: fix catastrophic backtracking in APOP method, prevent denial of service, add input validation and enforce backtracking limits - CVE-2018-1061: fix catastrophic backtracking in the difflib.IS_LINE_JUNK method...