58243 matches found

OSV
added 2026/01/30 12:0 a.m., 1 view

OPENSUSE-SU-2026:10125-1 python311-django-storages-1.14.6-1.1 on GA media

These are all security issues fixed in the python311-django-storages-1.14.6-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 4.3 | AI score 7.1 | EPSS 0.01008
Exploits 0 | References 1

OpenVAS
added 2026/01/30 12:0 a.m., 3 views

SUSE: Security Advisory (SUSE-SU-2026:20129-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.5 | AI score 5.9 | EPSS 0.00085
Exploits 0 | References 4

Tenable Nessus
added 2026/01/30 12:0 a.m., 3 views

Photon OS 4.0: Python3 PHSA-2026-4.0-0946

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0946. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVSS 7.5 | AI score 5.8 | EPSS 0.00396
Exploits 0 | References 3

Tenable Nessus
added 2026/01/30 12:0 a.m., 4 views

MiracleLinux 8 : python3.11-3.11.13-4.el8_10 (AXSA:2026-103:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-103:03 advisory. cpython: Excessive read buffering DoS in http.client CVE-2025-13836 cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial ...

CVSS 7.5 | AI score 7.3 | EPSS 0.01468
Exploits 0 | References 3

OpenVAS
added 2026/01/30 12:0 a.m., 2 views

SUSE: Security Advisory (SUSE-SU-2026:20139-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.6 | AI score 5.9 | EPSS 0.00527
Exploits 1 | References 4

Tenable Nessus
added 2026/01/30 12:0 a.m., 3 views

Photon OS 5.0: Python3 PHSA-2026-5.0-0741

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0741. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVSS 8.9 | AI score 5.8 | EPSS 0.00622
Exploits 0 | References 2

OpenVAS
added 2026/01/30 12:0 a.m., 2 views

SUSE: Security Advisory (SUSE-SU-2026:20133-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 5.9 | EPSS 0.00491
Exploits 0 | References 4

OSV
added 2026/01/30 12:0 a.m., 0 views

OPENSUSE-SU-2026:10126-1 python315-3.15.0~a3-3.1 on GA media

These are all security issues fixed in the python315-3.15.0a3-3.1 package on the GA media of openSUSE Tumbleweed...

CVSS 6 | AI score 5.8 | EPSS 0.0055
Exploits 0 | References 2

Chainguard
added 2026/01/29 7:17 p.m., 4 views

GHSA-597G-3PHW-6986 vulnerabilities

Vulnerabilities for packages: py3-cassandra-medusa, request-1276...

AI score 5.8
Exploits 0

Vulnrichment
added 2026/01/29 5:39 p.m., 4 views

CVE-2026-24780 AutoGPT is Vulnerable to RCE via Disabled Block Execution

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints both main web API and external API allow executing blocks by UUID...

CVSS 9.4 | AI score 6.2 | EPSS 0.01147
Exploits 1 | References 6

RedHat Linux
added 2026/01/29 4:33 p.m., 2 views

cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service

A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...

CVSS 6.3 | AI score 5.8 | EPSS 0.00696
Exploits 0 | References 6

RedHat Linux
added 2026/01/29 4:33 p.m., 9 views

Moderate: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

CVSS 6.3 | AI score 7.1 | EPSS 0.00696
Exploits 0 | References 2

OSV
added 2026/01/29 2:48 p.m., 2 views

OPENSUSE-SU-2026:20127-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issues: - CVE-2025-66471: Fixed excessive resource consumption via decompression of highly compressed data in Streaming API bsc1254867 - CVE-2025-66418: Fixed resource exhaustion via unbounded number of links in the decompression chain bsc1254866...

CVSS 8.9 | AI score 5.8 | EPSS 0.00622
Exploits 0 | References 4

RedHat Linux
added 2026/01/29 2:28 p.m., 2 views

cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service

A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...

CVSS 6.3 | AI score 5.8 | EPSS 0.00696
Exploits 0 | References 6

RedHat Linux
added 2026/01/29 2:28 p.m., 8 views

Moderate: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

CVSS 6.3 | AI score 7.1 | EPSS 0.00696
Exploits 0 | References 2

OSSF Malicious Packages
added 2026/01/29 1:57 p.m., 6 views

Malicious code in theanswre (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3a5007e2f06a55345366f95d0073e9980436e74745540a4e9b43c8a1836c4bef The OpenSSF Package Analysis project identified 'theanswre' @ 0.2.4 pypi as malicious. It is considered malicious because: - The package execute...

AI score 5.9
Exploits 0

OSV
added 2026/01/29 1:57 p.m., 8 views

MAL-2026-627 Malicious code in theanswre (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3a5007e2f06a55345366f95d0073e9980436e74745540a4e9b43c8a1836c4bef The OpenSSF Package Analysis project identified 'theanswre' @ 0.2.4 pypi as malicious. It is considered malicious because: - The package execute...

AI score 5.9
Exploits 0

OSV
added 2026/01/29 1:50 p.m., 8 views

MAL-2026-604 Malicious code in securedrop-workstation-dom0-config (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a496fb67ea100acce3d945e16e2d50d6d3181a322017f80cdf8c01006a49aade Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 6
Exploits 0 | References 1

OSSF Malicious Packages
added 2026/01/29 1:25 p.m., 9 views

Malicious code in mcp-pdftool-plus (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2e92dea8be02288f271dacad2cd77f1bdd54596da1691cb738c4a7b7b4f77d21 When using the library, the hidden code starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign...

AI score 6.1
Exploits 0 | References 1

OSV
added 2026/01/29 1:25 p.m., 4 views

MAL-2026-603 Malicious code in mcp-pdftool-plus (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2e92dea8be02288f271dacad2cd77f1bdd54596da1691cb738c4a7b7b4f77d21 When using the library, the hidden code starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign...

AI score 6.1
Exploits 0 | References 1