
58172 matches found

OSV
added 2026/02/06 9:3 a.m. | 5 views

RLSA-2026:2090 Important: python3.12-wheel security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 7.1 | AI score 5.3 | EPSS 0.00278
Exploits: 2 | References: 2
Rockylinux
added 2026/02/06 9:3 a.m. | 5 views

python3.12-wheel security update

An update is available for python3.12-wheel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming...

CVSS 7.1 | AI score 5.4 | EPSS 0.00278
Exploits: 2
The Hacker News
added 2026/02/06 8:40 a.m. | 9 views

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the tw...

AI score 6.7
Exploits: 0
AlpineLinux
added 2026/02/06 6:2 a.m. | 4 views

CVE-2026-1998

A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mpimportall of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may be used. Patch name:...

CVSS 5.5 | AI score 5 | EPSS 0.00203
Exploits: 1 | References: 8
OSV
added 2026/02/06 1:15 a.m. | 8 views

MAL-2026-774 Malicious code in adminbypasser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 867991d0e6c74f15c2f231c002867172a4e03044a328676cf9b2ec07a7e48f68 Package silently downloads remote code and adds its execution to the autostart. During analysis, the remote domain no longer existed. --- Category: MALICIOUS -...

AI score 6.1
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/06 12:0 a.m. | 7 views

PT-2026-6792

Name of the Vulnerable Software and Affected Versions Microsoft Semantic Kernel .NET SDK versions prior to 1.71.0 Agent Framework 1.0 Description An arbitrary file write issue exists in the .NET SDK, specifically within the SessionsPythonPlugin. This flaw can be leveraged to achieve remote code...

CVSS 9.9 | AI score 6.7 | EPSS 0.0195
Exploits: 0 | References: 55
Tenable Nessus
added 2026/02/06 12:0 a.m. | 4 views

AlmaLinux 8 : python3.12-wheel (ALSA-2026:2090)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:2090 advisory. wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking CVE-2026-24049 Tenable has extracted the preceding description...

CVSS 7.1 | AI score 7.5 | EPSS 0.00278
Exploits: 2 | References: 3
Tenable Nessus
added 2026/02/06 12:0 a.m. | 4 views

Oracle Linux 7 : python (ELSA-2026-1537)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-1537 advisory. 2.7.5-94.0.3 - Fix for CVE-2025-12084 Orabug: 38902314 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

CVSS 6.3 | AI score 8.2 | EPSS 0.00696
Exploits: 0 | References: 2
CNNVD
added 2026/02/06 12:0 a.m. | 7 views

Microsoft Semantic Kernel path traversal vulnerability

Microsoft Semantic Kernel is a large-scale model orchestration framework developed by Microsoft Corporation. Versions of Microsoft Semantic Kernel prior to 1.70.0 contained a path traversal vulnerability, which was caused by an arbitrary file writing vulnerability in the SessionsPythonPlugin...

CVSS 9.9 | AI score 5.9 | EPSS 0.0195
Exploits: 0 | References: 4
Positive Technologies
added 2026/02/06 12:0 a.m. | 4 views

PT-2026-6847

Impact What kind of vulnerability is it? Who is impacted? An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and...

CVSS 9.9 | AI score 5.5 | EPSS 0.0195
Exploits: 0 | References: 6
Tenable Nessus
added 2026/02/06 12:0 a.m. | 3 views

RockyLinux 8 : python3.12-wheel (RLSA-2026:2090)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:2090 advisory. wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking CVE-2026-24049 Tenable has extracted the preceding description...

CVSS 7.1 | AI score 7.5 | EPSS 0.00278
Exploits: 2 | References: 3
Tenable Nessus
added 2026/02/06 12:0 a.m. | 6 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Python vulnerabilities (USN-8018-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8018-1 advisory. Denis Ledoux discovered that Python incorrectly parsed email message headers. An...

CVSS 6.3 | AI score 7.3 | EPSS 0.00696
Exploits: 0 | References: 9
Tenable Nessus
added 2026/02/06 12:0 a.m. | 5 views

Oracle Linux 8 : python3 (ELSA-2026-2128)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2128 advisory. 3.6.8-73.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8.openela.0 - Add openela to supported dists 3.6.8-73 - Security fixes...

CVSS 6 | AI score 7.2 | EPSS 0.0056
Exploits: 0 | References: 5
Tenable Nessus
added 2026/02/06 12:0 a.m. | 3 views

SUSE SLES16 Security Update : python-wheel (SUSE-SU-2026:20217-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:20217-1 advisory. - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification bsc1257100. Tenable has extracted the...

CVSS 7.1 | AI score 7.5 | EPSS 0.00278
Exploits: 2 | References: 4
OPENSUSE Linux
added 2026/02/06 12:0 a.m. | 6 views

Security update for python-djangorestframework (moderate)

openSUSE Security Update: Security update for python-djangorestframework Announcement ID: openSUSE-SU-2026:0038-1 Rating: moderate References: 1227077 PED-8919 Cross-References: CVE-2024-21520 CVSS scores: CVE-2024-21520 SUSE: 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products:...

CVSS 6.1 | AI score 5.5 | EPSS 0.01133
Exploits: 0 | References: 2
OPENSUSE Linux
added 2026/02/06 12:0 a.m. | 2 views

python311-wheel-0.46.3-1.1 on GA media (moderate)

python311-wheel-0.46.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10151-1 Rating: moderate Cross-References: CVE-2026-24049 CVSS scores: CVE-2026-24049 SUSE : 7.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H CVE-2026-24049 SUSE : 7.2...

CVSS 7.7 | AI score 5.4 | EPSS 0.00278
Exploits: 2
OPENSUSE Linux
added 2026/02/06 12:0 a.m. | 4 views

Security update for python-maturin (moderate)

openSUSE security update: security update for python-maturin ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20180-1 Rating: moderate References: bsc1249011 Cross-References: CVE-2025-58160 CVSS scores: CVE-2025-58160 SUSE : 3.1...

CVSS 3.1 | AI score 5.3 | EPSS 0.00303
Exploits: 0 | References: 1
Tenable Nessus
added 2026/02/06 12:0 a.m. | 14 views

AlmaLinux 8 : python3 (ALSA-2026:2128)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2128 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: IMAP command injection in user-controlled commands...

CVSS 6 | AI score 7.2 | EPSS 0.0056
Exploits: 0 | References: 6
Tenable Nessus
added 2026/02/06 12:0 a.m. | 4 views

Debian dla-4471 : debian-security-support - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4471 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4471-1 [email protected] https://www.debian.org/lts/security/...

AI score 5.5
Exploits: 0 | References: 2
Tenable Nessus
added 2026/02/06 12:0 a.m. | 4 views

RockyLinux 10 : python-wheel (RLSA-2026:1902)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:1902 advisory. wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking CVE-2026-24049 Tenable has extracted the preceding description...

CVSS 7.1 | AI score 7.5 | EPSS 0.00278
Exploits: 2 | References: 3