Security update for python-python-multipart (important)

openSUSE security update: security update for python-python-multipart ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20125-1 Rating: important References: bsc1257301 Cross-References: CVE-2026-24486 CVSS scores: CVE-2026-24486 SUSE : 8.2...

python3.12 security update

3.12.12-3.0.1 - Remove upstream URL reference 3.12.12-3 - Security fix for CVE-2025-13836 Resolves: RHEL-140978 3.12.12-2 - Security fix for CVE-2025-12084 Resolves: RHEL-135387...

CVE-2025-70560

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...

Oracle Linux 8 : python3 (ELSA-2026-1631)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-1631 advisory. 3.6.8-72.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8.openela.0 - Add openela to supported dists 3.6.8-72 - Security fix for...

ALSA-2026:1828 Moderate: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Oracle Linux 10 : python3.12 (ELSA-2026-1828)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-1828 advisory. - Security fix for CVE-2025-13836 Resolves: RHEL-140978 Tenable has extracted the preceding description block directly from the Oracle Linux security...

python311-PyNaCl-1.6.2-1.1 on GA media (moderate)

python311-PyNaCl-1.6.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10130-1 Rating: moderate Cross-References: CVE-2025-69277 CVSS scores: CVE-2025-69277 SUSE : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2025-69277 SUSE : 4.8...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2026-1226)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2026-1214)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

admet-workbench (>=0.1.0 <=0.1.1), agent-gpt-aws (>=0.4.4 <=0.9.5) +49 more potentially affected by CVE-2026-1777 via sagemaker (=3.12.0)

sagemaker PYPI version =3.12.0 is affected by a known vulnerability. The following packages have a transitive dependency on sagemaker and may be impacted: - admet-workbench =0.1.0, =0.4.4, =1.3.24, =0.0.2, =0.1.13, =0.1.0, =0.4.0, =1.0.1, =0.4.0, =0.1.12, =0.1.0, =0.2.7 and more Source cves:...

GHSA-RJRP-M2JW-PV9C SageMaker Python SDK has Exposed HMAC

Summary SageMaker Python SDK is an open source library for training and deploying machine learning models on Amazon SageMaker. An issue where the HMAC secret key is stored in environment variables and disclosed via the DescribeTrainingJob API has been identified. Impact - Function and Payload...

amzn-nova-customization-sdk (>=1.0.29 <=1.0.72), anymodality (=0.1.0) +26 more potentially affected by CVE-2026-1778 via sagemaker (>=2.0.0 <=2.254.1)

sagemaker PYPI version =2.0.0, =1.0.29, =0.1.1b20230324, =0.4.6, =0.1.0, =0.1.1, =0.9.0, =1.0.0, =1.97.0.dev0, =2.0.0, =1.0.0, =1.0.0, =0.4.0, =0.7.3, =1.0.1 and more Source cves: CVE-2026-1778 Source advisory: SNYK:PYTHON-SAGEMAKER-15182756...

SageMaker Python SDK has Insecure TLS Configuration

Summary SageMaker Python SDK is an open source library for training and deploying machine learning models on Amazon SageMaker. An issue where SSL certificate verification was globally disabled in the Triton Python backend has been found. Impact Arbitrary Code Execution: Disabling SSL verification...

GHSA-62RC-F4V9-H543 SageMaker Python SDK has Insecure TLS Configuration

Summary SageMaker Python SDK is an open source library for training and deploying machine learning models on Amazon SageMaker. An issue where SSL certificate verification was globally disabled in the Triton Python backend has been found. Impact Arbitrary Code Execution: Disabling SSL verification...

CVE-2026-22778 vLLM leaks a heap address when PIL throws an error

vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

Infostealers without borders: macOS, Python stealers, and platform abuse

Infostealer threats are rapidly expanding beyond traditional Windows-focused campaigns, increasingly targeting macOS environments, leveraging cross-platform languages such as Python, and abusing trusted platforms and utilities to silently deliver credential-stealing malware at scale. Since late...

Infostealers without borders: macOS, Python stealers, and platform abuse

Infostealer threats are rapidly expanding beyond traditional Windows-focused campaigns, increasingly targeting macOS environments, leveraging cross-platform languages such as Python, and abusing trusted platforms and utilities to silently deliver credential-stealing malware at scale. Since late...

CVE-2026-1778 TLS disabled by default in select aws/sagemaker-python-sdk configurations

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

CVE-2026-1778 TLS disabled by default in select aws/sagemaker-python-sdk configurations

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

CVE-2026-1778

SageMaker Python SDK (before v3.1.1 or v2.256.0) disables TLS certificate verification in the Triton Python backend during model import, allowing HTTPS requests to succeed with invalid/self-signed certificates. Affected versions: SDK &lt;3.1.1 and