58295 matches found
CVE-2022-27271
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet...
CVE-2022-27177
A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2...
CVE-2019-16729
pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...
RLSA-2026:0123 Moderate: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
python3.12 security update
An update is available for python3.12. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming languag...
GHSA-XQRQ-4MGF-FF32 vulnerabilities
Vulnerabilities for packages: apache-beam-python-3.11-sdk...
CVE-2025-50817 vulnerabilities
Vulnerabilities for packages: apache-beam-python-3.11-sdk...
SUSE CVE-2025-69223
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...
SUSE CVE-2025-69224
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...
Python Site-Specific Hook Persistence
This Metasploit module leverages Python's startup mechanism, where some files can be automatically processed during the initialization of the Python interpreter. Among those files are the startup hooks (site-specific, dist-packages). If these files are present in site-specific or dist-packages...
Oracle Linux 8 : python3.12 (ELSA-2026-0123)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0123 advisory. 3.12.12-1 - Update to 3.12.12 - Security fix for CVE-2025-8291 and CVE-2025-12084 Resolves: RHEL-128364, RHEL-135391 Tenable has extracted the precedin...
Photon OS 4.0: Python3 PHSA-2026-4.0-0938
An update of the python3 package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0938. The text itself is copyright (C) VMware, Inc.
RockyLinux 8 : python3.12 (RLSA-2026:0123)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0123 advisory: cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked (CVE-2025-8291); cpython: python: cpython: Quadratic algorit...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000167)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000167 advisory. In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000176)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000176 advisory. An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain...
Photon OS 4.0: Python3 PHSA-2025-4.0-0853
An update of the python3 package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0853. The text itself is copyright (C) VMware, Inc.
AlmaLinux 8 : python3.12 (ALSA-2026:0123)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:0123 advisory: cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked (CVE-2025-8291); cpython: python: cpython: Quadratic algorith...
Photon OS 5.0: Python3 PHSA-2025-5.0-0595
An update of the python3 package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0595. The text itself is copyright (C) VMware, Inc.
Unity Linux 20.1070e Security Update: python-eventlet (UTSA-2026-000486)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000486 advisory. A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000166)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000166 advisory. In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certa...