58259 matches found
AZL-75231 CVE-2025-12781 affecting package python3 3.12.9-9
When passing data to the b64decode, standard_b64decode, and urlsafe_b64decode functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. Th...
CVE-2025-12781
When passing data to the b64decode, standard_b64decode, and urlsafe_b64decode functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. Th...
PSF-2026-7
When passing data to the b64decode, standard_b64decode, and urlsafe_b64decode functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. Th...
EUVD-2026-3704
Malicious code in terminalbrush PyPI...
MAL-2026-444 Malicious code in terminalbrush (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 35e06fb41f9c1a4f082cf49a72dec89fc5b4d2f6580b97e527d291d50807b801 Package downloads an executable, places it distinguished as a Python binary and starts it. At the time of analysis, the URL was no longer active, so it was not...
CLSA-2026-1769020780 python3.9: Fix of CVE-2025-12084
CVE-2025-12084: fix denial-of-service by removing quadratic behavior in xml.dom.minidom node ID cache clearing when building deeply nested documents...
Malicious code in 1q847 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fe398aee3ca61989d1610e4b2edae183ef70d5fabc08709875ca9ef8725d82c5 Package contains two DLL libraries, one of them packed. Both are widely recognized as malware. The exact behavior is not known --- Category: MALICIOUS - The...
EUVD-2026-3705
Malicious code in 1q847 PyPI...
MAL-2026-443 Malicious code in 1q847 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fe398aee3ca61989d1610e4b2edae183ef70d5fabc08709875ca9ef8725d82c5 Package contains two DLL libraries, one of them packed. Both are widely recognized as malware. The exact behavior is not known --- Category: MALICIOUS - The...
Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization
A critical deserialization vulnerability exists in Tendenci Helpdesk module (NOTE: by default, Helpdesk is NOT enabled), affecting the version 15.3.11 and earlier. This vulnerability allows remote code execution (RCE) by an authenticated user with staff security level due to using Python's pickle...
CVE-2025-66418 affecting package python-urllib3 for versions less than 1.26.19-3
CVE-2025-66418 affecting package python-urllib3 for versions less than 1.26.19-3. A patched version of the package is available...
CVE-2026-21441 affecting package python-urllib3 for versions less than 1.26.19-3
CVE-2026-21441 affecting package python-urllib3 for versions less than 1.26.19-3. A patched version of the package is available...
CVE-2025-66471 affecting package python-urllib3 for versions less than 1.26.19-3
CVE-2025-66471 affecting package python-urllib3 for versions less than 1.26.19-3. A patched version of the package is available...
tornado: Tornado Quadratic DoS via Repeated Header Coalescing
A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...
CVE-2025-15367
A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server. Mitigation...
CVE-2025-15366
A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server. Mitigati...
SUSE-SU-2026:20364-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - CVE-2026-21441: Fixed excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331)...
SUSE-SU-2026:20270-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - CVE-2026-21441: Fixed excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331)...
EUVD-2026-3706
Malicious code in xadauiom PyPI...
Malicious code in xadauiom (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 64051fbf2528075ff707f512002bce043db1a535723bd677e6fcde0f53f7cafa Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...