acido (=0.15.0), adstoolbox (>=2025.12.2.2 <=2026.5.19) +207 more potentially affected by CVE-2026-21226 via azure-core (>=1.10.0 <=1.37.0)

azure-core PYPI version =1.10.0, =2025.12.2.2, =0.1.12, =0.1.31, =0.1.1, =0.0.2, =0.0.53, =0.1.0, =0.9.0, =0.2.100, =0.2.123, =1.0.0, =1.0.0, =0.1.0b1, =0.1.0b2 and more Source cves: CVE-2026-21226 Source advisory: SNYK:PYTHON-AZURECORE-14927372...

GHSA-JM66-CG57-JJV5 Azure Core is vulnerable to deserialization of untrusted data

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...

Azure Core is vulnerable to deserialization of untrusted data

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges to access sensitive data or execute code that the malicious party is not initially authorized to execute. For successful abuse, the malicious...

CVE-2026-21226

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...

CVE-2026-21226

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...

EUVD-2026-2402

Malicious code in dify-api PyPI...

CVE-2026-21226 Azure Core shared client library for Python Remote Code Execution Vulnerability

...

CVE-2026-21226 Azure Core shared client library for Python Remote Code Execution Vulnerability

...

CVE-2026-21226

CVE-2026-21226 affects the Azure Core shared client library for Python via deserialization of untrusted data, enabling remote code execution by an authorized attacker over the network. Affected product in the connected docs is the Azure Core Python package; remediation guidance across sources rec...

Azure Core shared client library for Python Remote Code Execution Vulnerability

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...

Malicious code in dify-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a40038bb1837e98127f2e267d1932d1eeb641c93e855c50af9aa25002e28c76b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Astra Linux – Vulnerability in python-h2

h2 is a pure-Python implementation of an HTTP/2 protocol stack. Prior to version 4.3.0, there was a vulnerability in HTTP/2 request splitting that allowed attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurred when servers downgraded HTTP/2 request...

Astra Linux – Vulnerability in python-ldap

Python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars could be exploited to skip escaping special characters when a crafted list or dict was provided as the assertionvalue parameter, and...

SUSE-SU-2026:20077-1 Security update for python-uv

This update for python-uv fixes the following issues: - CVE-2025-62518: astral-tokio-tar: Fixed boundary parsing issue allowing attackers to smuggle additional archive entries bsc1252399 - CVE-2025-58160: tracing-subscriber: Fixed log pollution bsc1249011...

OPENSUSE-SU-2026:20026-1 Security update for python-uv

This update for python-uv fixes the following issues: - CVE-2025-62518: astral-tokio-tar: Fixed boundary parsing issue allowing attackers to smuggle additional archive entries bsc1252399 - CVE-2025-58160: tracing-subscriber: Fixed log pollution bsc1249011...

MiracleLinux 9 : python3.12-3.12.9-1.el9 (AXSA:2025-10388:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10388:05 advisory. python: cpython: URL parser allowed square brackets in domain names CVE-2025-0938 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : python-cryptography-3.2.1-8.el8_10 (AXSA:2025-10797:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10797:01 advisory. python-cryptography: NULL-dereference when loading PKCS7 certificates CVE-2023-49083 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : python3.11-3.11.11-2.el9 (AXSA:2025-10375:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10375:03 advisory. python: cpython: URL parser allowed square brackets in domain names CVE-2025-0938 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : python3-3.6.8-21.0.5.0.2.el7.AXS7 (AXSA:2025-11111:08)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11111:08 advisory. CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter=tar/filter=data...