RHSA-2026:3354 Red Hat Security Advisory: python-pyasn1 security update

Bulletin has no description...

OPENSUSE-SU-2026:20271-1 Security update for python-urllib3_1

This update for python-urllib31 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API bsc1254867. - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain bsc1254866. -...

CLSA-2026-1772098033 python2: Fix of CVE-2025-15367

CVE-2025-15367: reject control characters in POP3 commands to prevent command injection via embedded newlines...

Malicious Package

Overview clawdist is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...

Malicious Package

Overview polyutil is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...

Malicious Package

Overview magichat is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...

Malicious Package

Overview polyclawd is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...

Arbitrary Code Injection

Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Code Injection via the allowdangerouscode=True which automatically exposes LangChain’s Python REPL tool...

CVE-2026-27966

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python an...

CVE-2026-27966

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python an...

CVE-2026-27966 Langflow has Remote Code Execution in CSV Agent

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python an...

CVE-2026-27966

Langflow before version 1.8.0 exposes a remote code execution risk through the CSV Agent node by hardcoding allow_dangerous_code=True, which enables Python REPL access (python_repl_ast) via prompt injection. This allows an attacker to execute arbitrary Python/OS commands on the server. The issue ...

CVE-2026-27952 Agenta has Python Sandbox Escape, Leading to Remote Code Execution (RCE)

Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...

EUVD-2026-8814

Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...

CVE-2026-27952

Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...

[SECURITY] Fedora 43 Update: python3-docs-3.14.3-1.fc43

The python3-docs package contains documentation on the Python 3 programming language and interpreter...

[SECURITY] Fedora 43 Update: python3.14-3.14.3-1.fc43

Python 3.14 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...

NVDA Dev & Test Toolbox 安全漏洞

NVDA Dev & Test Toolbox is a debugging and testing tool developed by Cyrille Bougot as an individual contributor. Versions 2.0 to 8.0 of NVDA Dev & Test Toolbox contain security vulnerabilities. These vulnerabilities stem from the log reader’s handling of Python expressions in log files in an...

OPENSUSE-SU-2026:10264-1 python311-Flask-3.1.3-1.1 on GA media

These are all security issues fixed in the python311-Flask-3.1.3-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-22178

Name of the Vulnerable Software and Affected Versions Unitree Go2 versions V1.1.7 through V1.1.9 Unitree Go2 version V1.1.11 EDU Description Lack of DDS authentication and authorization for the Eclipse CycloneDDS topic "rt/api/programming actuator/request" handled by actuator manager.py allows a...