MAL-2026-846 Malicious code in cryptowallethash (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4d493d3c40b5136dd3ffea29264cf1066247cda3a10094201b4f71554ae3e592 The package claims to calculate a hash value for usage in "cryptocurrency", but before returning the hash, it exfiltrates the plain value. --- Category:...

OPENSUSE-SU-2026:20193-1 Security update for orthanc, gdcm, orthanc-authorization, orthanc-dicomweb, orthanc-gdcm, orthanc-indexer, orthanc-mysql, orthanc-neuro, orthanc-postgresql, orthanc-python, orthanc-stl, orthanc-tcia, orthanc-wsi, python-pyorthanc

This update for orthanc, gdcm, orthanc-authorization, orthanc-dicomweb, orthanc-gdcm, orthanc-indexer, orthanc-mysql, orthanc-neuro, orthanc-postgresql, orthanc-python, orthanc-stl, orthanc-tcia, orthanc-wsi, python-pyorthanc fixes the following issues: Changes in orthanc: - dcmtk 370 breaks TW...

Malicious code in gpu-discovery (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ea1fffa4a4969c85232301df3c8d107642ac143fbf51600d166cfd2f8d536e10 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AZL-77447 CVE-2026-26007 affecting package python-cryptography 3.3.2-7

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey and loadpempublickey functions do not verify that the...

Malicious Package

Overview bigpyx is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview graphlibx is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

acedeploy (>=2.4.119 <=2.4.342), adam-assist (>=0.3.4 <=0.3.9) +362 more potentially affected by CVE-2026-26007 via cryptography (>=46.0.0 <=46.0.4)

cryptography PYPI version =46.0.0, =2.4.119, =0.3.4, =0.5.0, =0.0.18, =0.1.0, =0.1.1.post72, =0.11.0, =1.0.6, =0.0.1, =1.1.2, =0.4.0, =0.3.2, =0.3.3 and more Source cves: CVE-2026-26007 Source advisory: SNYK:PYTHON-CRYPTOGRAPHY-15263096...

Malicious code in rzr-home (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 14fb9c76cd89c8c46f6d961d450c57fcc5f454cd3ce67a53a1868ba36f66fec1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in amplify-python-logging (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2e12fee1c4154d81de6e4575af21aa6a760da4f5694746264a2de50e2c5782fe Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-842 Malicious code in amplify-python-logging (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2e12fee1c4154d81de6e4575af21aa6a760da4f5694746264a2de50e2c5782fe Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

GHSA-HRVR-7X5W-XPMQ vulnerabilities

Vulnerabilities for packages: python...

CVE-2024-5642 vulnerabilities

Vulnerabilities for packages: python...

MAL-2026-841 Malicious code in lyroxpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a9016ac99840c4d68028c7b724382974154c9bf75b410da9c6b4a75ff6d20b1f The package contains an embedded archive with an executable. When importing the module, the embedded archive is run as a module. Code inside extracts the...

Important: Red Hat Security Advisory: brotli security update

An update for brotli is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

GHSA-436V-JG82-P533 Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE

Deserialization of untrusted data in the Azure AI Language Conversations Authoring client library for Python allows an unauthorized attacker to execute code over a network...

CVE-2026-21531 Azure SDK for Python Remote Code Execution Vulnerability

...

CVE-2026-21531 Azure SDK for Python Remote Code Execution Vulnerability

...

CVE-2026-21531

CVE-2026-21531 involves deserialization of untrusted data in the Azure SDK, allowing remote code execution over a network. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) yields a base score of 9.8 (CRITICAL). The impact is high on confidentiality, integrity, and availability, with netw...

Azure SDK for Python Remote Code Execution Vulnerability

Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network...

Security update for python-pip

This update for python-pip fixes the following issues: CVE-2026-1703: Fixed a potential path traversal in python-pip. bsc1257599 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...