
58132 matches found

OSSF Malicious Packages
added 2026/02/12 8:3 a.m., 10 views

Malicious code in oraceldb (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 723248915f1acb6de7c5bed00d0d554ced6b8cd6359d79436c8ab02f49f18360 Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...

5.9 AI score
Exploits: 0, References: 1

OSV
added 2026/02/12 7:55 a.m., 4 views

MAL-2026-868 Malicious code in pydantics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dda36b358c57e79abf804d53d4750cf2836f930b07aa524c0b5c4d231d92143f Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...

5.9 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/02/12 7:10 a.m., 7 views

Malicious code in marshmellow (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dbf6f50353e6489a831a2575831b93fd5f99a9cbd60cc30260fd13838beda73f Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...

5.9 AI score
Exploits: 0, References: 1

OSV
added 2026/02/12 5:30 a.m., 5 views

MAL-2026-946 Malicious code in lala6992 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 03f1d0663411a521e65c618865d7a6e362db8597306c4c8c41d6226292ca7854 The OpenSSF Package Analysis project identified 'lala6992' @ 1.0.0 pypi as malicious. It is considered malicious because: - The package executes...

5.5 AI score
Exploits: 0

SUSE CVE
added 2026/02/12 12:25 a.m., 3 views

SUSE CVE-2026-26007

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the...

5.9 CVSS, 5.7 AI score, 0.00227 EPSS
Exploits: 0, References: 9

OSSF Malicious Packages
added 2026/02/12 12:1 a.m., 9 views

Malicious code in get-incorrect-name-bob (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5cb10edcf75f6463de2adaa0a621cf5fb215b5431a87d36a3b94e1910fb774ab While disguised as a dummy MCP server, the only real functionality is exfiltrating hostname on importing. --- Category: PROBABLYPENTEST - Packages looking like...

5.8 AI score
Exploits: 0, References: 1

OSV
added 2026/02/12 12:1 a.m., 4 views

MAL-2026-862 Malicious code in get-incorrect-name-bob (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5cb10edcf75f6463de2adaa0a621cf5fb215b5431a87d36a3b94e1910fb774ab While disguised as a dummy MCP server, the only real functionality is exfiltrating hostname on importing. --- Category: PROBABLYPENTEST - Packages looking like...

5.8 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2026/02/12 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-69872

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve...

9.8 CVSS, 8.1 AI score, 0.00546 EPSS
Exploits: 1, References: 3

Tenable Nessus
added 2026/02/12 12:0 a.m., 9 views

SUSE SLED15 / SLES15 Security Update : python-urllib3 (SUSE-SU-2026:0443-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0443-1 advisory. - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API...

8.9 CVSS, 5.7 AI score, 0.00533 EPSS
Exploits: 0, References: 10

OpenVAS
added 2026/02/12 12:0 a.m., 4 views

Ubuntu: Security Advisory (USN-8027-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6 CVSS, 7.1 AI score, 0.01761 EPSS
Exploits: 6, References: 2

Tenable Nessus
added 2026/02/12 12:0 a.m., 2 views

SUSE SLED15 / SLES15 Security Update : python313-wheel (SUSE-SU-2026:0425-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0425-1 advisory. - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification (bsc#1257100). Tenable h...

7.1 CVSS, 7.5 AI score, 0.00278 EPSS
Exploits: 2, References: 4

Tenable Nessus
added 2026/02/12 12:0 a.m., 3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-wheel (SUSE-SU-2026:0424-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0424-1 advisory. - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification...

7.1 CVSS, 7.5 AI score, 0.00278 EPSS
Exploits: 2, References: 4

Tenable Nessus
added 2026/02/12 12:0 a.m., 5 views

openSUSE 16 Security Update : orthanc, gdcm, orthanc-authorization, orthanc-dicomweb, orthanc-gdcm, orthanc-indexer, orthanc-mysql, orthanc-neuro, orthanc-postgresql, orthanc-python, orthanc-stl, orthanc-tcia, orthanc-wsi, python-pyorthanc (openSUSE-SU-2026:20193-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20193-1 advisory. Changes in orthanc: - dcmtk 370 breaks TW build - switch to lua 5.4 - patch out boost component system from framework - version 1.12.10 ' long...

9.8 CVSS, 5.7 AI score, 0.01474 EPSS
Exploits: 3, References: 6

Tenable Nessus
added 2026/02/12 12:0 a.m., 11 views

Ubuntu 22.04 LTS / 24.04 LTS : Python-Multipart vulnerabilities (USN-8027-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8027-1 advisory. It was discovered that Python-Multipart incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause...

8.6 CVSS, 7.9 AI score, 0.01761 EPSS
Exploits: 6, References: 4

Tenable Nessus
added 2026/02/12 12:0 a.m., 6 views

SUSE SLES15 / openSUSE 15 Security Update : python-brotlipy (SUSE-SU-2026:0423-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0423-1 advisory. - Add max length decompression (bsc#1254867, bsc#1256017). Tenable has extracted the preceding description block directly from the...

5.6 AI score
Exploits: 0, References: 3

Tenable Nessus
added 2026/02/12 12:0 a.m., 4 views

SUSE SLED15 / SLES15 Security Update : python-pyasn1 (SUSE-SU-2026:0430-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0430-1 advisory. - CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation octets leading to Denial of Service bsc12569...

7.5 CVSS, 5.6 AI score, 0.00491 EPSS
Exploits: 0, References: 4

vulnersOsv
added 2026/02/11 11:39 p.m., 3 views

adpred (=1.3.2), bacpipe (>=1.2.0 <=1.3.2.dev0) +16 more potentially affected by CVE-2026-1669 via keras (>=3.0.0 <=3.12.0)

keras PYPI version =3.0.0, =1.2.0, =0.1.0, =0.0.4, =0.4.7, =1.0.3, =0.0.28, =0.2.0, =2.4.0, =0.1.0, =0.1.1, =14.0.0, =14.1.0 and more Source cves: CVE-2026-1669 Source advisory: SNYK:PYTHON-KERAS-15268069...

7.5 CVSS, 5.4 AI score, 0.00271 EPSS
Exploits: 0

SUSE Linux
added 2026/02/11 11:30 p.m., 5 views

Security update for python-wheel

This update for python-wheel fixes the following issues: CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification (bsc#1257100). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...

7.7 CVSS, 5.7 AI score, 0.00278 EPSS
Exploits: 2, References: 4

OSV
added 2026/02/11 11:30 p.m., 5 views

SUSE-SU-2026:0460-1 Security update for python-wheel

This update for python-wheel fixes the following issues: - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification (bsc#1257100)...

7.1 CVSS, 5.9 AI score, 0.00278 EPSS
Exploits: 2, References: 3

OSV
added 2026/02/11 9:30 p.m., 3 views

GHSA-W8V5-VHQR-4H9V DiskCache has unsafe pickle deserialization

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

7 CVSS, 7.6 AI score, 0.00546 EPSS
Exploits: 1, References: 3