MAL-2026-498 Malicious code in instascan-pro (PyPI)
Source: kam193 (94d76fe0beb67ab3d875d659dac44b4650be6b8f5bbb4b43635c0fc2fa7b4af9). The package contains a module prepared to collect and exfiltrate the user's files. Category: MALICIOUS - The campaign has clearly malicious intent, like...
CVE-2026-0771
Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...
[SECURITY] Fedora 43 Update: python3.9-3.9.25-3.fc43
Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...
[SECURITY] Fedora 42 Update: python3.9-3.9.25-3.fc42
Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...
SUSE CVE-2026-0994
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
SUSE SLES15 / openSUSE 15 Security Update : python-marshmallow (SUSE-SU-2026:0226-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0226-1 advisory. - CVE-2025-68480: Fixed possible DoS when using Schema.load(data, many=True) (bsc#1255473). Tenable has extracted the preceding...
SUSE SLES12 Security Update : python3 (SUSE-SU-2026:0210-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0210-1 advisory. Security fixes: - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data'...
SUSE SLED15 / SLES15 Security Update : python-tornado (SUSE-SU-2026:0222-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0222-1 advisory. - CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values (bsc#1254905). -...
Fedora 42 : python3.9 (2026-43e2b1e209)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-43e2b1e209 advisory. Security fix for CVE-2025-12084. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
SUSE SLES15 / openSUSE 15 Security Update : python (SUSE-SU-2026:0268-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0268-1 advisory. - CVE-2025-13836: Fixed reading an HTTP response from a server, if no read amount is specified, with using Content-Length per...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-pyasn1 (SUSE-SU-2026:0252-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0252-1 advisory. - CVE-2026-23490: Fixed Denial-of-Service issue that may lead to memory exhaustion from malformed...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-filelock (SUSE-SU-2026:0220-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0220-1 advisory. - CVE-2025-68146: TOCTOU race condition may allow local attackers to corrupt or truncate arbitra...
Fedora 43 : python3.9 (2026-975a15098b)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-975a15098b advisory. Security fix for CVE-2025-12084. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-urllib3 (SUSE-SU-2026:0255-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0255-1 advisory. - CVE-2026-21441: Fixed excessive resource consumption during decompression of data in HTTP redirect...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-virtualenv (SUSE-SU-2026:0233-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0233-1 advisory. - CVE-2026-22702: Fixed local attacker can redirect file operations via TOCTOU race condition (bsc#1256458)...
Malicious Package
Overview ansi-universal-ui is a malicious package. This package contains malicious code, and it has been removed from the official package manager. The package sets up a standalone Python runtime and downloads an obfuscated payload from an Appwrite storage bucket that, upon execution, performs an...
AZL-75234 CVE-2026-1299 affecting package python3 3.12.9-8
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
GHSA-7GCM-G887-7QV7 protobuf affected by a JSON recursion depth bypass
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-24009
Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version...
AZL-76487 CVE-2026-0994 affecting package protobuf for versions less than 3.17.3-5
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...