58289 matches found
Siemens Ruggedcom ROX Race Condition (CVE-2024-0397)
A defect was discovered in the Python ssl module where there is a memory race condition with the ssl.SSLContext methods cert_store_stats() and get_ca_certs(). The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the...
(0Day) Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the load_tool_module_by_id function. The issue results from the lack of proper validation of a...
OPENSUSE-SU-2026:10025-1 python311-aiohttp-3.13.3-1.1 on GA media
These are all security issues fixed in the python311-aiohttp-3.13.3-1.1 package on the GA media of openSUSE Tumbleweed...
Ubuntu: Security Advisory (USN-7950-1)
The remote host is missing an update announced via the USN-7950-1 advisory. (Greenbone AG vulnerability test, 2026; some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders.)...
OPENSUSE-SU-2026:10026-1 python311-urllib3-2.6.2-1.1 on GA media
These are all security issues fixed in the python311-urllib3-2.6.2-1.1 package on the GA media of openSUSE Tumbleweed...
Siemens Ruggedcom ROX Improper Input Validation (CVE-2024-5642)
CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not...
Siemens Ruggedcom ROX Code Injection (CVE-2024-6923)
There is a MEDIUM severity vulnerability affecting CPython. The email module didn't properly quote newlines for email headers when serializing an email message, allowing for header injection when an email is serialized. This plugin only works with Tenable.ot. Please visit...
Fedora 43 : python3.12 (2026-2c35952b90)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2c35952b90 advisory. - Security fix for CVE-2025-12084. - Require at least the same expat version as used at build time. Tenable has extracted the preceding description blo...
Siemens Ruggedcom ROX Improper Validation of Specified Type of Input (CVE-2024-11168)
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture literals. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. This plugin only works with Tenable.ot...
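The SSRF risk in CVE-2024-11168 is a parser-differential one: an unpatched urlsplit() happily reports a hostname such as evil.com from http://[evil.com]/, while a second parser (or the HTTP client that eventually connects) may treat the bracketed text differently. The check below is an added example, not CPython's own fix, and applies the RFC 3986 rule directly: a bracketed host must be either an IPv6 address or an IPvFuture literal, and anything else is rejected before the URL is trusted. It behaves the same on patched and unpatched interpreters, because a patched urlsplit() already raises ValueError for a bad bracketed host and the example treats that as a rejection. The sample URLs are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# RFC 3986 section 3.2.2:
#   IP-literal = "[" ( IPv6address / IPvFuture ) "]"
#   IPvFuture  = "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
_IPVFUTURE = re.compile(r"v[0-9A-Fa-f]+\.[A-Za-z0-9\-._~!$&'()*+,;=:]+")


def bracketed_host(url: str):
    """Return the text inside [...] of the URL's host, None if the host is not
    bracketed, or raise ValueError if the authority is malformed.
    A patched CPython raises ValueError inside urlsplit() itself for an
    invalid bracketed host; an unpatched one returns it unchecked."""
    netloc = urlsplit(url).netloc
    authority = netloc.rpartition("@")[2]  # strip any userinfo
    if not authority.startswith("["):
        return None
    end = authority.find("]")
    if end == -1:
        raise ValueError("unterminated IP-literal")
    return authority[1:end]


def host_is_rfc3986_valid(url: str) -> bool:
    """True if the URL has no bracketed host, or the bracketed host is a
    literal IPv6 address or an IPvFuture literal."""
    try:
        literal = bracketed_host(url)
    except ValueError:
        return False
    if literal is None:
        return True  # reg-name or IPv4 host: the bracket rule does not apply
    try:
        ipaddress.IPv6Address(literal)  # IPv4 in brackets is rejected here
        return True
    except ValueError:
        pass
    return _IPVFUTURE.fullmatch(literal) is not None


def safe_hostname(url: str):
    """Hostname the application may act on, or None if the URL must be refused.
    Refusing early means no downstream parser ever sees the ambiguous host."""
    if not host_is_rfc3986_valid(url):
        return None
    return urlsplit(url).hostname


if __name__ == "__main__":
    # Constructed sample inputs.
    for u in ("http://example.com/x", "http://user@[::1]:8080/x",
              "http://[v1.fe80::a+en1]/", "http://[evil.com]/", "http://[1.2.3.4]/"):
        print(u, "->", safe_hostname(u))
```

Run this check at the trust boundary (where the URL enters the application) rather than in every consumer, so the same validated string is what every later parser sees.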
acherion (>=0.2.0 <=0.7.2), aesp (=2025.9.12) +242 more potentially affected by CVE-2026-21873 via nicegui (>=2.22.2 <=3.3.1)
nicegui PYPI version =2.22.2, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =1.1.3 - autestoy =0.1.0 - auth-web-kit =1.2.2 and more Source cves: CVE-2026-21873 Source advisory: SNYK:PYTHON-NICEGUI-14912444...
CVE-2025-68158
Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state, easily obtainable via an attacker-initiated...
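The bug class in CVE-2025-68158 is that a stored OAuth state is redeemable by whoever presents it, not only by the session that started the flow. The example below is added here to illustrate the difference and is not Authlib's code: an in-memory store that records which session created each state, a vulnerable redemption path that only checks the state exists, and a bound path that also requires the presenting session to match and consumes the state so it cannot be replayed. Session identifiers are constructed placeholders.

```python
import hmac
import secrets


class StateStore:
    """Server-side store for OAuth 2.0 `state` values (illustrative, not Authlib)."""

    def __init__(self) -> None:
        self._owner: dict[str, str] = {}  # state -> session id that began the flow

    def begin(self, session_id: str) -> str:
        state = secrets.token_urlsafe(32)
        self._owner[state] = session_id
        return state

    def finish_unbound(self, state: str) -> bool:
        """Vulnerable pattern: any known state is accepted, whoever presents it.
        An attacker who starts a flow and lures the victim's browser to the
        callback with the attacker's state passes this check (login CSRF)."""
        return self._owner.pop(state, None) is not None

    def finish_bound(self, session_id: str, state: str) -> bool:
        """Fix: the state is valid only for the session that created it, and is
        consumed on first use so it cannot be replayed."""
        owner = self._owner.get(state)
        if owner is None or not hmac.compare_digest(owner, session_id):
            return False
        del self._owner[state]
        return True


def demo() -> tuple:
    store = StateStore()

    # Attacker starts a flow in their own session and obtains a valid state.
    attacker_state = store.begin("attacker-session")
    # Victim's browser is sent to the callback carrying that state.
    unbound_accepts_csrf = store.finish_unbound(attacker_state)  # True: attack works

    attacker_state = store.begin("attacker-session")
    bound_rejects_csrf = store.finish_bound("victim-session", attacker_state)  # False

    # Legitimate flow: same session begins and finishes.
    victim_state = store.begin("victim-session")
    legit_ok = store.finish_bound("victim-session", victim_state)  # True
    replay_ok = store.finish_bound("victim-session", victim_state)  # False: consumed

    return unbound_accepts_csrf, bound_rejects_csrf, legit_ok, replay_ok


if __name__ == "__main__":
    print(demo())
```

In a real deployment the session id comes from the authenticated cookie session, and the store would be the same cache the advisory refers to; the point is that the cache key or value must include the session, not the state alone.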
EUVD-2026-1561
picklescan has an arbitrary file read using io.FileIO...
WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging
Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit. "The malware retrieves the...
SUSE-SU-2026:20043-1 Security update for python-tornado6
This update for python-tornado6 fixes the following issues: - CVE-2025-67724: Fixed missing validation of the supplied reason phrase (bsc#1254903) - CVE-2025-67725: Fixed inefficient algorithm when parsing parameters for HTTP header values (bsc#1254905) - CVE-2025-67726: Fixed Denial of Service (DoS) via...
Moderate: Red Hat Security Advisory: python3.12 security update
An update for python3.12 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
Moderate: Red Hat Security Advisory: python3.12 security update
An update for python3.12 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
CVE-2026-21892
Parsl is a Python parallel scripting library. A SQL injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting (Python's % operator) with user-supplied input (workflow_id) taken directly from URL routes...
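To make the CVE-2026-21892 bug class concrete, the following added example (not Parsl's code; the table, rows and column names are constructed) runs the same lookup twice against an in-memory SQLite database: once with the query built by the % operator from a route value, and once with the value bound as a parameter. A classic `' OR '1'='1` payload returns every row from the first and nothing from the second.

```python
import sqlite3

# Constructed sample data; not Parsl's monitoring schema.
_ROWS = [
    ("run-aaa", "workflow_one", "alice"),
    ("run-bbb", "workflow_two", "bob"),
    ("run-ccc", "secret_workflow", "carol"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE workflow (run_id TEXT, workflow_name TEXT, owner TEXT)")
    conn.executemany("INSERT INTO workflow VALUES (?, ?, ?)", _ROWS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, workflow_id: str) -> list:
    """Bug class from the advisory: the route value is spliced into the SQL
    text with %, so quotes in it change the query's structure."""
    query = "SELECT run_id, workflow_name FROM workflow WHERE run_id = '%s'" % workflow_id
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, workflow_id: str) -> list:
    """Fix: pass the value as a bound parameter; the driver never parses it as SQL."""
    return conn.execute(
        "SELECT run_id, workflow_name FROM workflow WHERE run_id = ?", (workflow_id,)
    ).fetchall()


PAYLOAD = "' OR '1'='1"  # turns WHERE run_id = '' OR '1'='1' into an always-true filter


def demo() -> dict:
    conn = make_db()
    return {
        "vuln_normal": lookup_vulnerable(conn, "run-aaa"),
        "vuln_injected": lookup_vulnerable(conn, PAYLOAD),
        "safe_normal": lookup_parameterized(conn, "run-aaa"),
        "safe_injected": lookup_parameterized(conn, PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The same payload against the parameterized query is simply a run_id that does not exist, which is the behaviour a route handler should have for any unexpected input.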
Moderate: Red Hat Security Advisory: python3.12 security update
An update for python3.12 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Malicious code in do-not-install-this-package-002 (PyPI)
Source: kam193 dc0f1ed2645f37e4b8df59ccca64288a02f6cc07009489c54565dfc5b0089f19. During installation, the package exfiltrates environment variables and data from other processes' memory to a remote location. Category: MALICIOUS - The campaign h...
EUVD-2026-1619
Malicious code in do-not-install-this-package-002 (PyPI)...