58377 matches found

vulnersOsv
added 2026/01/01 6:37 a.m., 8 views

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +694 more potentially affected by unknown CVE via mlflow (>=3.0.0rc2 <=3.6.0rc0)

mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-MLFLOW-14829280...

5.5 AI score
Exploits 0

vulnersOsv
added 2026/01/01 6:36 a.m., 6 views

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +694 more potentially affected by unknown CVE via mlflow (>=3.0.0rc2 <=3.6.0rc0)

mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-MLFLOW-14806999...

5.5 AI score
Exploits 0

GithubExploit
added 2026/01/01 12:35 a.m., 214 views

Exploit for Path Traversal in Huawei Hg255S-10_Firmware

Huawei HG255 Directory Traversal Exploit CVE-2017-17309 Thi...

7.8 CVSS, 6.8 AI score, 0.073 EPSS
Exploits 6

Positive Technologies
added 2026/01/01 12:0 a.m., 5 views

PT-2026-2245

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.6.0 Description pypdf is a pure-python PDF library. Versions prior to 6.6.0 are susceptible to long runtimes when processing malformed startxref entries within PDF files. An attacker can create a specially crafted PDF...

6.9 CVSS, 6.6 AI score, 0.00391 EPSS
Exploits 0, References 16

Positive Technologies
added 2026/01/01 12:0 a.m., 7 views

PT-2026-25090

Name of the Vulnerable Software and Affected Versions PyJWT versions prior to 2.12.0 Description PyJWT is a Python implementation for handling JSON Web Tokens JWT. Before version 2.12.0, the library did not properly validate the 'crit' Critical Header Parameter as defined in RFC 7515 §4.1.11...

7.8 CVSS, 5.8 AI score, 0.00198 EPSS
Exploits 1, References 236

Positive Technologies
added 2026/01/01 12:0 a.m., 1 views

PT-2026-25073

Name of the Vulnerable Software and Affected Versions Black versions prior to 26.3.1 Description Black, a Python code formatter, prior to version 26.3.1, improperly sanitizes user-supplied input when constructing the filename for a cache file. Specifically, the value provided to the...

8.7 CVSS, 5.9 AI score, 0.00424 EPSS
Exploits 0, References 29

Tenable Nessus
added 2026/01/01 12:0 a.m., 8 views

SUSE SLES12: libpython3_4m1_0 / libpython3_4m1_0-32bit / python3 / python3-base / etc (SUSE-SU-2025:4538-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4538-1 advisory. - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service bsc1254997 - CVE-2025-13836: Fixed default...

7.5 CVSS, 7 AI score, 0.01468 EPSS
Exploits 0, References 10

Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-4468

Name of the Vulnerable Software and Affected Versions google.protobuf affected versions not specified Description A denial-of-service DoS issue exists in the ParseDict function within google.protobuf.json format in Python. The vulnerability occurs because the max recursion depth limit can be...

8.2 CVSS, 5.3 AI score, 0.00351 EPSS
Exploits 0, References 233

Tenable Nessus
added 2026/01/01 12:0 a.m., 5 views

SUSE SLES12: libpython3_6m1_0 / libpython3_6m1_0-32bit / python36 / etc (SUSE-SU-2025:4539-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4539-1 advisory. - CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on clearidcache can lead to...

7.5 CVSS, 7 AI score, 0.01468 EPSS
Exploits 0, References 10

OSV
added 2025/12/31 10:1 p.m., 2 views

GHSA-WCJ4-JW5J-44WH CBORDecoder reuse can leak shareable values across decode calls

Summary When a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory and can be accessed by subsequent CBOR messages using the sharedref tag 29. This allows an attacker-controlled message to read data from previously decoded...

6.9 CVSS, 6.7 AI score, 0.00423 EPSS
Exploits 1, References 6

EUVD
added 2025/12/31 4:40 p.m., 1 views

EUVD-2025-206046

Malicious code in requeses PyPI...

6.6 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2025/12/31 4:40 p.m., 8 views

Malicious code in requeses (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 60e475750b95349319dcce7f69afe6399fe78c271b772c001f7a01df5e1e7bba Typosquatting package with a Telegram-bot with RAT-like functionality. The code has been changed a bit compared to the previous incarnations, but keeps the sam...

7.2 AI score
Exploits 0, References 2

OSV
added 2025/12/31 4:40 p.m., 1 views

MAL-2025-193011 Malicious code in requeses (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 60e475750b95349319dcce7f69afe6399fe78c271b772c001f7a01df5e1e7bba Typosquatting package with a Telegram-bot with RAT-like functionality. The code has been changed a bit compared to the previous incarnations, but keeps the sam...

7.1 AI score
Exploits 0, References 2

EUVD
added 2025/12/31 4:9 p.m., 2 views

EUVD-2025-206048

Malicious code in pyrogrqm PyPI...

6.6 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2025/12/31 4:9 p.m., 7 views

Malicious code in pyrogrqm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 02c3334952bcf80c0523b20a24f0b744463a944a4f3d18dc45a3f3c1bd00c1eb The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

7.1 AI score
Exploits 0, References 2

SUSE Linux
added 2025/12/31 3:5 p.m., 4 views

Security update for python36

This update for python36 fixes the following issues: CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on clearidcache can lead to availability issues when building excessively nested documents bsc1254997. CVE-2025-13836: use of...

6.3 CVSS, 6.8 AI score, 0.01468 EPSS
Exploits 0, References 12

SUSE Linux
added 2025/12/31 3:5 p.m., 3 views

Security update for python3

This update for python3 fixes the following issues: CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service bsc1254997 CVE-2025-13836: Fixed default Content-Length read amount from HTTP response bsc1254400 CVE-2025-13837: Fixed plistlib module denial of...

6.3 CVSS, 6.9 AI score, 0.01468 EPSS
Exploits 0, References 12

OSV
added 2025/12/31 3:0 p.m., 1 views

MAL-2025-193008 Malicious code in telegreph (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cca72e5a6a205d657e13d29aee3f5448061afd17f222f11db168ef8a20744992 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

7 AI score
Exploits 0, References 2

EUVD
added 2025/12/31 2:52 p.m., 2 views

EUVD-2025-206050

Malicious code in accesspdp PyPI...

6.6 AI score
Exploits 0, References 1

EUVD
added 2025/12/31 2:49 p.m., 2 views

EUVD-2025-206051

Malicious code in aiogrem PyPI...

6.6 AI score
Exploits 0, References 1