58266 matches found
AZL-75041 CVE-2025-15366 affecting package python3 3.9.19-19
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...
CVE-2025-15282
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...
UBUNTU-CVE-2025-15282
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...
CRLF Injection
Overview: Affected versions of this package are vulnerable to CRLF Injection via the http.cookies.Morsel field. An attacker can manipulate HTTP responses by injecting arbitrary headers through user-controlled cookie values or parameters. Remediation: A fix was pushed into the master branch but not...
CVE-2026-21441 affecting package python-urllib3 for versions less than 2.0.7-4
CVE-2026-21441 affecting package python-urllib3 for versions less than 2.0.7-4. A patched version of the package is available...
[SECURITY] [DSA 6104-1] python-keystonemiddleware security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6104-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 20, 2026 https://www.debian.org/security/faq -...
PSF-2026-2
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...
CRLF Injection
Overview: Affected versions of this package are vulnerable to CRLF Injection via the urllib.request.DataHandler. An attacker can manipulate HTTP headers by injecting newline characters in the mediatype portion of a data URL, to alter request behavior or bypass security controls. Remediation: A fix...
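The imaplib, http.cookies.Morsel and urllib.request.DataHandler entries above are one bug in three places: an attacker-controlled string is concatenated into a line-oriented protocol (an IMAP command, a Set-Cookie header, an HTTP header block) without rejecting CR, LF or other control characters, so a single embedded newline ends the intended line and starts one the attacker wrote. The block below is an added example, not CPython's code and not the upstream fixes. It models each construction in a few lines: the data URL parser follows the header-block construction the advisory describes (assumption; the base64 branch is omitted), while the IMAP and Set-Cookie builders are simplified stand-ins, and every function name is my own. Each vulnerable path sits next to the control-character check that closes it.

```python
import email
from urllib.parse import unquote_to_bytes

# Every C0 control character plus DEL. CR and LF are the ones that split lines,
# but rejecting the whole class is the simpler and more robust rule.
CONTROL_CHARS = frozenset(chr(c) for c in range(0x20)) | {chr(0x7F)}


def has_control_chars(value: str) -> bool:
    """True if any character of `value` is a control character."""
    return any(ch in CONTROL_CHARS for ch in value)


def _data_url_response(mediatype: str, payload: str):
    """Build (headers, body) for a data URL the way the pre-fix handler is
    described: the mediatype is pasted straight into a header block and parsed
    back as headers. Model code, not stdlib code; base64 payloads are omitted."""
    data = unquote_to_bytes(payload)
    if not mediatype:
        mediatype = "text/plain;charset=US-ASCII"
    headers = email.message_from_string(
        "Content-type: %s\nContent-length: %d\n" % (mediatype, len(data)))
    return headers, data


def parse_data_url_vulnerable(url: str):
    """A newline inside the mediatype ends the Content-type header and starts
    whatever header the attacker placed after it."""
    scheme, rest = url.split(":", 1)
    if scheme.lower() != "data":
        raise ValueError("not a data URL")
    mediatype, payload = rest.split(",", 1)
    return _data_url_response(mediatype, payload)


def parse_data_url_hardened(url: str):
    """Same parse, but the mediatype is validated before it reaches the header block."""
    scheme, rest = url.split(":", 1)
    if scheme.lower() != "data":
        raise ValueError("not a data URL")
    mediatype, payload = rest.split(",", 1)
    if has_control_chars(mediatype):
        raise ValueError("control character in data URL mediatype")
    return _data_url_response(mediatype, payload)


def build_imap_command(tag: str, name: str, *args: str, strict: bool = False) -> bytes:
    """Assemble one tagged IMAP command line (simplified model of a client).
    A CRLF inside a user-controlled argument puts a second tagged command on
    the wire; strict=True applies the mitigation the advisory describes."""
    if strict:
        for part in (name, *args):
            if has_control_chars(part):
                raise ValueError("control character in IMAP command")
    return " ".join((tag, name, *args)).encode("ascii") + b"\r\n"


def set_cookie_header(name: str, value: str, path: str = "/", strict: bool = False) -> str:
    """Render a Set-Cookie header (simplified model). Name, value and attributes
    are concatenated verbatim, so a CRLF in any user-controlled field starts a
    new response header."""
    if strict and any(has_control_chars(f) for f in (name, value, path)):
        raise ValueError("control character in cookie field")
    return "Set-Cookie: %s=%s; Path=%s" % (name, value, path)
```

The check is deliberately applied to the field as a whole rather than by stripping CR and LF: stripping invites the next bypass (a lone `\n`, a `\r` without `\n`, or an encoding the downstream parser normalises), and a control character has no legitimate place in a mediatype, a mailbox name or a cookie path.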
aegis-game (>=2.0.0 <=2.9.9), bittrade-binance-websocket (>=0.2.3 <=0.4.8) +28 more potentially affected by CVE-2025-66902 via websocket-server (>=0.4.0 <=0.6.4)
websocket-server PYPI version =0.4.0, =2.0.0, =0.2.3, =0.1.7, =0.2.0, =0.1.0, =0.1.1, =0.1.0, =0.7.0, =0.0.11, =0.2.0, =0.2.39 and more Source cves: CVE-2025-66902 Source advisory: SNYK:PYTHON-WEBSOCKETSERVER-15046798...
CVE-2025-56005
An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution (RCE) via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...
UBUNTU-CVE-2025-56005
An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution (RCE) via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...
[SECURITY] [DLA 4445-1] python3.9 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4445-1 debian-lts-announce@lists.debian.org https://www.debian.org/lts/security/ Andrej Shadura January 20, 2026 https://wiki.debian.org/LTS -...
EUVD-2026-3496
Malicious code in spellcheckerpy PyPI...
abjad (>=3.20.0 <=3.31.0), abjad-ext-nauert (>=3.20.0 <=3.21.0) +2175 more potentially affected by CVE-2025-56005 via ply (>=3.10.0 <=3.8.0)
ply PYPI version =3.10.0, =3.20.0, =3.20.0, =3.20.0, =1.1.0, =0.1.0.post1, =0.5.1, =4.2.0, =1.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2025-56005 Source advisory: SNYK:PYTHON-PLY-15046763...
Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading
Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT). The activity delivers "weaponized files via Dynamic Link Library (DLL) sideloading, combined wit...
Exploit for CVE-2026-22812
README.md OpenCode CVE-2026-22812 Exploiter Simple Python tool...
CLSA-2026-1768911433 python3.11: Fix of CVE-2025-12084
CVE-2025-12084: fix denial-of-service by removing quadratic behavior in xml.dom.minidom node ID cache clearing when building deeply nested documents...
Important: Red Hat Security Advisory: brotli security update
An update for brotli is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Detection Bypass
fickling is vulnerable to detection bypass. The vulnerability is due to improper handling and analysis of Python builtins during pickle decompilation, which allows an attacker to bypass detection mechanisms and evade static analysis of malicious pickle payloads...
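The PLY picklefile entry (CVE-2025-56005) and the fickling entry above are two sides of the same problem: pickle.load on untrusted bytes is code execution, and static scanners that try to recognise malicious streams can be evaded. The block below is an added example, not PLY's code and not fickling's. It assumes a parse-table cache only needs plain containers (an assumption about PLY's format); all names are my own. It shows a constructed pickle that runs a callable the moment it is loaded, a pickletools scan that lists every global a stream would import without executing it (the kind of static analysis the fickling entry says can be bypassed), and a restricted Unpickler that denies find_class outright, a control that does not depend on recognising the payload.

```python
import io
import os
import pickle
import pickletools

# Constructed stand-in for a legitimate table cache. Parse tables are plain
# containers (assumption about PLY's format), which pickle rebuilds without
# ever importing a global.
BENIGN_TABLES = {
    "productions": [("S", ("A", "B")), ("A", ("a",))],
    "action": {(0, "a"): 1, (1, "$end"): -1},
    "goto": {(0, "S"): 2},
}


class EvilTables:
    """Constructed malicious payload. pickle's REDUCE opcode calls whatever
    callable the stream names; os.getenv is a harmless stand-in for the
    os.system or subprocess call a real exploit would use."""
    def __reduce__(self):
        return (os.getenv, ("HOME", "<unset>"))


def make_malicious_picklefile(protocol: int = 4) -> bytes:
    return pickle.dumps(EvilTables(), protocol=protocol)


def make_benign_picklefile(protocol: int = 4) -> bytes:
    return pickle.dumps(BENIGN_TABLES, protocol=protocol)


def unsafe_load(blob: bytes):
    """The pattern the advisory describes: pickle.load on caller-supplied bytes.
    Loading the malicious blob returns the result of os.getenv, proving the
    callable ran; it never returns an EvilTables object."""
    return pickle.load(io.BytesIO(blob))


class RestrictedUnpickler(pickle.Unpickler):
    """Deny every global lookup. Containers, strings and numbers never go
    through find_class, so the benign cache still loads unchanged."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError("forbidden global %s.%s" % (module, name))


def safe_load(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def scan_globals(blob: bytes):
    """Static triage without executing anything: every (module, name) the
    stream would import. GLOBAL (protocols 0-3) carries both names in its
    argument; STACK_GLOBAL (protocol 4+) takes them from the two strings
    pushed before it."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(blob):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            found.append((strings[-2], strings[-1]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found


if __name__ == "__main__":
    blob = make_malicious_picklefile()
    print("globals referenced:", scan_globals(blob))
    print("unsafe load returned:", unsafe_load(blob))
    try:
        safe_load(blob)
    except pickle.UnpicklingError as exc:
        print("restricted load refused:", exc)
    print("benign cache loads:", safe_load(make_benign_picklefile()) == BENIGN_TABLES)
```

The scanner is useful for triage and for deciding what an allowlist must contain, but it is advisory only: it reports what the opcodes name, and a stream can be arranged so that a naive reading of those opcodes misses the real target. The restricted loader is the control to ship, because it fails closed on any import attempt at all; where a cache format genuinely needs no globals, denying find_class entirely costs nothing.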