RUSTSEC-2026-0013 Type confusion when accessing data from subclasses of subclasses of native types with `abi3` feature targeting Python 3.12 and up
PyO3 0.28.1 added support for `#[pyclass(extends=PyList)] struct NativeSub` and other native types when targeting Python 3.12 and up with the `abi3` feature. It was discovered that subclasses of such classes would use the type of the subclass when attempting to access the data of `NativeSub` contained within...
RHSA-2026:2865 Red Hat Security Advisory: python-wheel security update
Bulletin has no description...
Important: Red Hat Security Advisory: python-s3transfer security update
An update for python-s3transfer is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.57 bug fix and security update
Red Hat OpenShift Container Platform release 4.16.57 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
Remote Code Execution via Flow Studio Node Definitions
Description: LOLLMS Flow Studio contains multiple code execution vulnerabilities via unsafe use of Python's exec function. Two distinct code paths allow arbitrary Python code execution on the server: 1. Direct Code Execution via /api/flows/testcode Admin endpoint File: backend/routers/flowstudio.py...
[SECURITY] Fedora 43 Update: python-pillow-11.3.0-7.fc43
Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel developmen...
[SECURITY] Fedora 43 Update: mingw-python3-3.11.14-7.fc43
MinGW Windows python3...
[SECURITY] [DLA 4482-1] ceph security update
Debian LTS Advisory DLA-4482-1 https://www.debian.org/lts/security/ Chris Lamb February 17, 2026 https://wiki.debian.org/LTS...
wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking
A path traversal flaw has been discovered in the python wheel tool. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the...
Important: Red Hat Security Advisory: python3.12-wheel security update
An update for python3.12-wheel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: python-wheel security update
An update for python-wheel is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...
Splunk Enterprise Security Vulnerability
Splunk Enterprise is a data collection and analysis software developed by the American company Splunk. There is a security vulnerability in Splunk Enterprise, which stems from issues with the Windows Python module search path. This vulnerability may allow for the execution of malicious code...
smolagents Security Vulnerability
smolagents is a basic library for agents, open-sourced by Hugging Face. Version 1.24.0 of smolagents contains a security vulnerability. This vulnerability stems from improper request handling in the LocalPythonExecutor component, which may lead to server-side request forgery attacks...
Medium: python3.13-virtualenv
Issue Overview: virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access c...
Medium: python3.13
Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...
Medium: python3.12
Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...
motionEye 0.43.1b4 Remote Command Injection
A remote command injection vulnerability exists in motionEye versions up to and including 0.43.1b4. The issue arises from improper validation and sanitization of user‑supplied input within camera configuration parameters. Under certain conditions, authenticated users can inject crafted input that...
Important: python3.12-wheel
Issue Overview: wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.46.1 and below, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename...
OPENSUSE-SU-2026:10221-1 python311-3.11.14-4.1 on GA media
These are all security issues fixed in the python311-3.11.14-4.1 package on the GA media of openSUSE Tumbleweed...