58298 matches found

EUVD
added 2026/01/05 5:36 p.m., 7 views

EUVD-2026-0928

Malicious code in lium-io-gztensor PyPI...

6.6 AI score
Exploits 0, References 4
OSSF Malicious Packages
added 2026/01/05 5:36 p.m., 8 views

Malicious code in lium-io-gztensor (PyPI)

Source: kam193 2f87521be2fb53979b969dc362d41bfcf6c9f860f8d6517a76889a81dedc06a1 This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...

7.5 AI score
Exploits 0, References 4
EUVD
added 2026/01/05 5:34 p.m., 4 views

EUVD-2026-0929

Malicious code in lium-4-96 PyPI...

6.6 AI score
Exploits 0, References 4
EUVD
added 2026/01/05 5:33 p.m., 3 views

EUVD-2026-0930

Malicious code in async-substrate-interface-upgrade PyPI...

6.6 AI score
Exploits 0, References 4
EUVD
added 2026/01/05 5:29 p.m., 4 views

EUVD-2026-0931

Malicious code in celium-collateral-upgrade PyPI...

6.6 AI score
Exploits 0, References 4
EUVD
added 2026/01/05 5:11 p.m., 2 views

EUVD-2026-0926

Malicious code in gztensor-cli PyPI...

6.6 AI score
Exploits 0, References 4
OSV
added 2026/01/05 4:8 p.m., 4 views

CLSA-2026-1767629333 python2: Fix of CVE-2025-0938

CVE-2025-0938: disallow square brackets in domain names for parsed URLs to prevent differential URL parsing...

6.3 CVSS, 6.5 AI score, 0.01499 EPSS
Exploits 0, References 1
OSV
added 2026/01/05 12:10 p.m., 8 views

SUSE-SU-2026:0024-1 Security update for python313

This update for python313 fixes the following issues: Update to version 3.13.11. Security issues fixed: - CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on _clear_id_cache can lead to availability issues when building excessively nested...

7.5 CVSS, 6 AI score, 0.01468 EPSS
Exploits 0, References 7
SUSE Linux
added 2026/01/05 10:27 a.m., 4 views

Security update for python-tornado6

This update for python-tornado6 fixes the following issues: CVE-2025-67724: unescaped reason argument used in HTTP headers and in HTML default error pages can be used by attackers to launch header injection or XSS attacks (bsc#1254903). CVE-2025-67725: quadratic complexity of string concatenation...

8.7 CVSS, 6.2 AI score, 0.00396 EPSS
Exploits 0, References 12
OSV
added 2026/01/05 10:26 a.m., 4 views

SUSE-SU-2026:0010-1 Security update for python-tornado6

This update for python-tornado6 fixes the following issues: - CVE-2025-67724: unescaped reason argument used in HTTP headers and in HTML default error pages can be used by attackers to launch header injection or XSS attacks (bsc#1254903). - CVE-2025-67725: quadratic complexity of string concatenatio...

7.5 CVSS, 7 AI score, 0.00396 EPSS
Exploits 0, References 7
The Hacker News
added 2026/01/05 7:48 a.m., 9 views

New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code

Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that's capable of harvesting Discord credentials and tokens. The stealer is said to have been on sale on Telegram as far back as April 2025, according to a repo...

7.2 AI score
Exploits 0
GithubExploit
added 2026/01/05 5:33 a.m., 146 views

Kalki-

Kalki- Developed a custom web...

7 AI score
Exploits 0
RedHat Linux
added 2026/01/05 1:26 a.m., 8 views

Important: Red Hat Security Advisory: brotli security update

An update for brotli is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

7.5 CVSS, 7.1 AI score, 0.00509 EPSS
Exploits 0, References 2
EUVD
added 2026/01/05 1:9 a.m., 2 views

EUVD-2026-0941

Malicious code in pyrogrom PyPI...

6.6 AI score
Exploits 0, References 1
Positive Technologies
added 2026/01/05 12:0 a.m., 4 views

PT-2026-1349

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions 3.13.2 and below. Description: AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, may be susceptible to a request smuggling attack when using versions 3.13.2 and below. This issue arises from the...

6.5 CVSS, 6.6 AI score, 0.00213 EPSS
Exploits 0, References 213
Amazon
added 2026/01/05 12:0 a.m., 3 views

Medium: python-urllib3

Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage an...

8.9 CVSS, 6.8 AI score, 0.00622 EPSS
Exploits 0
Amazon
added 2026/01/05 12:0 a.m., 5 views

Medium: python3

Issue Overview: When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on _clear_id_cache the algorithm is quadratic. Availability can be impacted when building excessively nested documents. (CVE-2025-12084) When loading a plist file, the plistlib module...

6.3 CVSS, 7.1 AI score, 0.00696 EPSS
Exploits 0
Tenable Nessus
added 2026/01/05 12:0 a.m., 4 views

Amazon Linux 2 : python3, --advisory ALAS2-2025-3103 (ALAS-2025-3103)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3103 advisory. When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on _clear_id_cache th...

6.3 CVSS, 7.1 AI score, 0.00696 EPSS
Exploits 0, References 6
Tenable Nessus
added 2026/01/05 12:0 a.m., 10 views

Amazon Linux 2 : python3-tornado, --advisory ALAS2-2025-3109 (ALAS-2025-3109)

The version of python3-tornado installed on the remote host is prior to 5.0.2-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3109 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied...

7.5 CVSS, 7 AI score, 0.00396 EPSS
Exploits 0, References 8
Photon
added 2026/01/05 12:0 a.m., 2 views

Critical Photon OS Security Update - PHSA-2026-5.0-0726

Updates of 'python3-urllib3', 'sssd', 'net-snmp' packages of Photon OS have been released...

9.8 CVSS, 6.9 AI score, 0.4269 EPSS
Exploits 2