
58259 matches found

OSV
added 2026/01/21 11:36 a.m. | 3 views

MAL-2026-442 Malicious code in xadauiom (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 64051fbf2528075ff707f512002bce043db1a535723bd677e6fcde0f53f7cafa Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9 AI score
Exploits: 0 | References: 1
SUSE Linux
added 2026/01/21 11:4 a.m. | 7 views

Security update for python-FontTools

This update for python-FontTools fixes the following issues: CVE-2025-66034: Fixed arbitrary file write vulnerability that could lead to remote code execution bsc1254366. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zyppe...

6.3 CVSS | 6.6 AI score | 0.00487 EPSS
Exploits: 9 | References: 4
OSV
added 2026/01/21 11:3 a.m. | 2 views

SUSE-SU-2026:0199-1 Security update for python-FontTools

This update for python-FontTools fixes the following issues: - CVE-2025-66034: Fixed arbitrary file write vulnerability that could lead to remote code execution bsc1254366...

9.8 CVSS | 6.6 AI score | 0.00487 EPSS
Exploits: 9 | References: 3
Rockylinux
added 2026/01/21 9:6 a.m. | 4 views

brotli security update

An update is available for brotli. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Brotli is a generic-purpose lossless compression algorithm that compresses da...

7.5 CVSS | 5.6 AI score | 0.00476 EPSS
Exploits: 0
OSV
added 2026/01/21 9:6 a.m. | 6 views

RLSA-2026:0845 Important: brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

7.5 CVSS | 7.3 AI score | 0.00476 EPSS
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/01/21 8:18 a.m. | 13 views

Malicious code in anduril-lattice-sdk-grpc-python (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1baa043d99a594c81f1a153d2da1d69bc4a2e67181cdf491c2f06f65120089aa Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8 AI score
Exploits: 0 | References: 1
EUVD
added 2026/01/21 8:18 a.m. | 3 views

EUVD-2026-3707

Malicious code in anduril-lattice-sdk-grpc-python PyPI...

5.5 AI score
Exploits: 0 | References: 1
OSV
added 2026/01/21 8:18 a.m. | 4 views

MAL-2026-440 Malicious code in anduril-lattice-sdk-grpc-python (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1baa043d99a594c81f1a153d2da1d69bc4a2e67181cdf491c2f06f65120089aa Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9 AI score
Exploits: 0 | References: 1
EUVD
added 2026/01/21 8:10 a.m. | 2 views

EUVD-2026-3708

Malicious code in spellcheckpy PyPI...

5.5 AI score
Exploits: 0 | References: 2
IBM Security Bulletins
added 2026/01/21 5:14 a.m. | 13 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0 Vulnerability Details CVEID:CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions...

6.9 CVSS | 7.7 AI score | 0.0056 EPSS
Exploits: 4 | Affected Software: 1
EUVD
added 2026/01/21 12:49 a.m. | 2 views

EUVD-2026-3716

Malicious code in coolpackage2323 PyPI...

5.5 AI score
Exploits: 0 | References: 2
CNNVD
added 2026/01/21 12:0 a.m. | 5 views

CPython security vulnerabilities

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has security vulnerabilities, where functions such as b64decode, standard_b64decode, and urlsafe_b64decode always accept the + and/or character, which may lead to data integrity issues...

6.3 CVSS | 5.8 AI score | 0.00513 EPSS
Exploits: 1 | References: 3
Packet Storm News
added 2026/01/21 12:0 a.m. | 4 views

SAGA: Detecting Security Vulnerabilities Using Static Aspect Analysis

Python is one of the most popular programming languages; as such, projects written in Python involve an increasing number of diverse security vulnerabilities. However, existing state-of-the-art analysis tools for Python only support a few vulnerability types. Hence, there is a need to detect a...

5.8 AI score
Exploits: 0
Photon
added 2026/01/21 12:0 a.m. | 3 views

Important Photon OS Security Update - PHSA-2026-5.0-0744

Updates of 'python3-urllib3' packages of Photon OS have been released...

8.9 CVSS | 5.8 AI score | 0.0068 EPSS
Exploits: 0
Tenable Nessus
added 2026/01/21 12:0 a.m. | 5 views

Amazon Linux 2 : python, --advisory ALAS2-2026-3128 (ALAS-2026-3128)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3128 advisory. When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on _clear_id_cache the algorith...

6.3 CVSS | 5.7 AI score | 0.00696 EPSS
Exploits: 0 | References: 4
Packet Storm
added 2026/01/21 12:0 a.m. | 174 views

Splunk Enterprise 8.2.9 / 9.0.2 Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise. An attacker can inject arbitrary Python code into style parameters, such as the fillColor or lineColor of a sparkline element within a Splunk SimpleXML dashboard. The malicious code is executed when a user...

8.8 CVSS | 6.7 AI score | 0.14314 EPSS
Exploits: 5
Tenable Nessus
added 2026/01/21 12:0 a.m. | 8 views

Debian dsa-6104 : python-keystonemiddleware-doc - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6104 advisory. Debian Security Advisory DSA-6104-1 [email protected] https://www.debian.org/security/ Moritz...

9.9 CVSS | 5.6 AI score | 0.00453 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2026/01/21 12:0 a.m. | 5 views

Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3126 (ALAS-2026-3126)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3126 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to...

8.9 CVSS | 5.9 AI score | 0.00622 EPSS
Exploits: 0 | References: 6
OSV
added 2026/01/21 12:0 a.m. | 10 views

OPENSUSE-SU-2026:10076-1 python311-FontTools-4.61.1-1.1 on GA media

These are all security issues fixed in the python311-FontTools-4.61.1-1.1 package on the GA media of openSUSE Tumbleweed...

9.8 CVSS | 6.1 AI score | 0.00487 EPSS
Exploits: 9 | References: 1
OSV
added 2026/01/21 12:0 a.m. | 1 views

OPENSUSE-SU-2026:10079-1 python311-weasyprint-68.0-1.1 on GA media

These are all security issues fixed in the python311-weasyprint-68.0-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS | 5.8 AI score | 0.00447 EPSS
Exploits: 2 | References: 1