58153 matches found
CVE-2026-25528
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to...
[SECURITY] Fedora 42 Update: uv-0.9.30-2.fc42
An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...
[SECURITY] Fedora 42 Update: mirrorlist-server-3.0.8-3.fc42
The mirrorlist-server uses the data created by MirrorManager2 https://github.com/fedora-infra/mirrormanager2 to answer client request for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...
[SECURITY] Fedora 42 Update: maturin-1.9.6-3.fc42
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...
CVE-2025-69872
DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...
CVE-2025-69872
DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...
CVE-2025-69872
DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...
DiskCache 安全漏洞
DiskCache: Disk Backed Cache is a disk backup cache tool developed by Grant Jenks. Versions of DiskCache 5.6.3 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the default use of Python pickle for serialization, which could allow attackers to execute arbitrary co...
CVE-2025-69872
DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...
RockyLinux 10 : python-urllib3 (RLSA-2026:1086)
The remote RockyLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:1086 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...
RockyLinux 8 : brotli (RLSA-2026:2389)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:2389 advisory. Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS CVE-2025-6176 Tenable has extracted the preceding description block directly from the RockyLin...
RockyLinux 9 : python3.12-urllib3 (RLSA-2026:1088)
The remote RockyLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:1088 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...
RockyLinux 8 : python3.12-urllib3 (RLSA-2026:1226)
The remote RockyLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:1226 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...
RockyLinux 8 : python3.12 (RLSA-2026:2419)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:2419 advisory. cpython: Excessive read buffering DoS in http.client CVE-2025-13836 Tenable has extracted the preceding description block directly from the RockyLinux security...
SUSE SLES12 Security Update : python-pip (SUSE-SU-2026:0420-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0420-1 advisory. - CVE-2026-1703: Fixed a potential path traversal in python-pip. bsc1257599 Tenable has extracted the preceding description block directly from the SUS...
RockyLinux 8 : python-urllib3 (RLSA-2026:1254)
The remote RockyLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:1254 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...
AlmaLinux 8 : brotli (ALSA-2026:2389)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:2389 advisory. Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS CVE-2025-6176 Tenable has extracted the preceding description block directly from the AlmaLinux...
RHEL 9 : python3.12-urllib3 (RHSA-2026:1957)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:1957 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
OPENSUSE-SU-2026:10179-1 python311-maturin-1.11.5-1.1 on GA media
These are all security issues fixed in the python311-maturin-1.11.5-1.1 package on the GA media of openSUSE Tumbleweed...
Malicious code in cryptowallethash (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4d493d3c40b5136dd3ffea29264cf1066247cda3a10094201b4f71554ae3e592 The package claims to calculate a hash value for usage in "cryptocurrency", but before returning the hash, it exfiltrates the plain value. --- Category:...