Oracle Linux 8 : python3.12 (ELSA-2026-2419)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-2419 advisory. 3.12.12-2 - Security fix for CVE-2025-13836. Resolves: RHEL-140993. Tenable has extracted the preceding description block directly from the Oracle Linux security...
RHEL 8 : python3 (RHSA-2026:2391)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2391 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
RHEL 9 : python3.9 (RHSA-2026:2392)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2392 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
RHEL 8 : brotli (RHSA-2026:2401)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:2401 advisory. Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffma...
CVE-2025-11468 affecting package python3 for versions less than 3.12.9-8
CVE-2025-11468 affecting package python3 for versions less than 3.12.9-8. A patched version of the package is available...
CVE-2026-22701 affecting package python-filelock for versions less than 3.20.3-1
CVE-2026-22701 affecting package python-filelock for versions less than 3.20.3-1. An upgraded version of the package is available that resolves this issue...
a-mailx (=0.1.0), aaaai (>=0.1.3 <=0.3.0) +22 more potentially affected by CVE-2026-25528 via langsmith (>=0.4.11 <=0.6.2)
langsmith PYPI version =0.4.11, =0.1.3, =0.1.3, =2.1.7, =0.1.3, =3.0.0, =0.1.4, =1.0.2, =0.1.0, =0.1.0, =0.2.1, =0.2.2 and more Source cves: CVE-2026-25528 Source advisory: SNYK:PYTHON-LANGSMITH-15253026...
LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection
Summary: The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary api_url values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints...
CVE-2026-25528
CVE-2026-25528 affects LangSmith Client SDKs with distributed tracing. The baggage header in HTTP requests could inject replica configurations (api_url/api_key), causing the SDK to send trace data to attacker-controlled endpoints via post()/patch() after a traced operation. Root cause: RunTree.fr...
CVE-2026-25528 LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection
LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary api_url values through the baggage header, causing the SDK to...
CVE-2026-25528
LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary api_url values through the baggage header, causing the SDK to...
Malicious code in thecorrectjames (PyPI)
Source: kam193 53ae167216303d3e0d2eda2b5321b60fc5bf9431e16ae0caa507123ba45661a1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
Malicious code in ctf-pipline-test (PyPI)
Source: kam193 083eedb7c9187410d3470ab27415ee2e6a7683ef92bafce123198ce9882e07a4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
MAL-2026-817 Malicious code in ctf-pipline-test (PyPI)
Source: kam193 083eedb7c9187410d3470ab27415ee2e6a7683ef92bafce123198ce9882e07a4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
Server-side Request Forgery (SSRF)
Overview: mcp-run-python is a Model Context Protocol server to run Python code in a sandbox. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to an overly permissive configuration of the Deno sandbox, which allows access to the localhost interface. An attack...
repository-manager (>=1.2.10 <=1.2.15) potentially affected by CVE-2026-25904 via mcp-run-python (=0.0.22)
mcp-run-python PYPI version =0.0.22 is affected by a known vulnerability. The following packages have a transitive dependency on mcp-run-python and may be impacted: - repository-manager =1.2.10, =1.2.15 Source cves: CVE-2026-25904 Source advisory: SNYK:PYTHON-MCPRUNPYTHON-15250607...
Moderate: Red Hat Security Advisory: python3 security update
An update for python3 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syst...
RHSA-2026:2275 Red Hat Security Advisory: python3.9 security update
Bulletin has no description...
RHSA-2026:2233 Red Hat Security Advisory: python3.12 security update
Bulletin has no description...