58295 matches found

Tenable Nessus
added 2026/01/07 12:0 a.m. | 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000160)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000160 advisory. An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution...

CVSS 7.5 | AI score 7.4 | EPSS 0.01839
Exploits: 0 | References: 4

Amazon
added 2026/01/07 12:0 a.m. | 4 views

Medium: python3.11

Issue Overview: When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents. CVE-2025-12084 When reading an HTTP response from a server, i...

CVSS 7.5 | AI score 6.9 | EPSS 0.01468
Exploits: 0

Amazon
added 2026/01/07 12:0 a.m. | 5 views

Medium: python3.12

Issue Overview: When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents. CVE-2025-12084 When reading an HTTP response from a server, i...

CVSS 7.5 | AI score 6.9 | EPSS 0.01468
Exploits: 0

OPENSUSE Linux
added 2026/01/07 12:0 a.m. | 2 views

python311-filelock-3.20.2-1.1 on GA media (moderate)

python311-filelock-3.20.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10010-1 Rating: moderate Cross-References: CVE-2025-68146 CVSS scores: CVE-2025-68146 SUSE : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2025-68146 SUSE : 5.7...

CVSS 5.7 | AI score 7.2 | EPSS 0.00184
Exploits: 1

Amazon
added 2026/01/07 12:0 a.m. | 7 views

Medium: python3.9

Issue Overview: When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents. CVE-2025-12084 When loading a plist file, the plistlib module...

CVSS 6.3 | AI score 6.9 | EPSS 0.00696
Exploits: 0

Positive Technologies
added 2026/01/07 12:0 a.m. | 5 views

PT-2026-2060

Name of the Vulnerable Software and Affected Versions: urllib3 versions 1.22 through 2.6.2. Description: urllib3 is a Python HTTP client library. Its streaming API is designed for efficient handling of large HTTP responses by reading content in chunks. The library decompresses content based on the...

CVSS 8.9 | AI score 6.5 | EPSS 0.0068
Exploits: 0 | References: 165

Tenable Nessus
added 2026/01/07 12:0 a.m. | 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000172)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000172 advisory. An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential...

CVSS 7.5 | AI score 7 | EPSS 0.01606
Exploits: 0 | References: 4

Photon
added 2026/01/07 12:0 a.m. | 2 views

Important Photon OS Security Update - PHSA-2026-5.0-0729

Updates of 'python3' packages of Photon OS have been released...

CVSS 7.5 | AI score 7.5 | EPSS 0.01468
Exploits: 0

Photon
added 2026/01/07 12:0 a.m. | 2 views

Important Photon OS Security Update - PHSA-2026-4.0-0939

Updates of 'python3' packages of Photon OS have been released...

CVSS 7.5 | AI score 7.5 | EPSS 0.01468
Exploits: 0

EUVD
added 2026/01/06 7:10 p.m. | 4 views

EUVD-2026-1100

Malicious code in py-publish-test-0126 PyPI...

AI score 6.6
Exploits: 0 | References: 1

OSV
added 2026/01/06 7:10 p.m. | 6 views

MAL-2026-98 Malicious code in py-publish-test-0126 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 993085ca23a6a729d332eade4d58778a42c1d19b18237ab4b3c3a6bacf9fd126 Dependency confusion demonstration package with reporting through a decorator function --- Category: PROBABLYPENTEST - Packages looking like typical pentest...

AI score 7
Exploits: 0 | References: 1

EUVD
added 2026/01/06 6:47 p.m. | 2 views

EUVD-2026-1101

Malicious code in testingpy PyPI...

AI score 6.6
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2026/01/06 6:26 p.m. | 6 views

Malicious code in robustinfer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2fd89ce9f166281f91029df8dc7595d23503a595a4baba85f1702ccf0b4e2b11 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.3
Exploits: 0 | References: 1

OSV
added 2026/01/06 3:15 p.m. | 6 views

CVE-2025-14026

Forcepoint One DLP Client, version 23.04.5642 and possibly newer versions, includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code...

CVSS 7.8 | AI score 5.9 | EPSS 0.00178
Exploits: 0 | References: 3

NVD
added 2026/01/06 3:15 p.m. | 4 views

CVE-2025-14026

Forcepoint One DLP Client, version 23.04.5642 and possibly newer versions, includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code...

CVSS 7.8 | EPSS 0.00178
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/06 2:45 p.m. | 2 views

CVE-2025-14026 Vulnerable Python version used in Forcepoint One DLP Client

Forcepoint One DLP Client, version 23.04.5642 and possibly newer versions, includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code...

AI score 7.2 | EPSS 0.00178
Exploits: 0 | References: 2

Cvelist
added 2026/01/06 2:45 p.m. | 24 views

CVE-2025-14026 Vulnerable Python version used in Forcepoint One DLP Client

Forcepoint One DLP Client, version 23.04.5642 and possibly newer versions, includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code...

EPSS 0.00178
Exploits: 0 | References: 2

CVE
added 2026/01/06 2:45 p.m. | 17 views

CVE-2025-14026

Summary (CVE-2025-14026): Forcepoint One DLP Client (version 23.04.5642 and potentially newer) ships with a restricted Python 2.5.4 runtime that blocks ctypes (FFI). The restriction was shown to be bypassable by reintroducing ctypes support, enabling potential arbitrary code execution via DLLs/me...

CVSS 7.8 | AI score 7.2 | EPSS 0.00178
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2026/01/06 2:21 p.m. | 4 views

EUVD-2026-1103

Malicious code in pycolorom PyPI...

AI score 6.6
Exploits: 0 | References: 1

OSV
added 2026/01/06 2:21 p.m. | 5 views

MAL-2026-96 Malicious code in pycolorom (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6babcee81c12759b66be4c0a8ba33c3f0272b052a47fda31227f4a6087ba8e5b The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

AI score 7
Exploits: 0 | References: 2