58379 matches found
Exploit for CVE-2025-68613
CVE-2025-68...
EUVD-2025-205375
Malicious code in pxdbench PyPI...
EUVD-2025-205360
Malicious code in envtoolsx PyPI...
MAL-2025-192929 Malicious code in envtoolsx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8718f9207ffeca355720b0d4a59cc778fabe7879fc354837d655affac6a82321 Importing the module downloads and starts a malicious executable identified as an infostealer. Based on Telegram links, this is related to the 2025-12-synium...
EUVD-2025-205356
Malicious code in livekit-agents-hedra PyPI...
MAL-2025-192928 Malicious code in livekit-agents-hedra (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8391aaa11b2ae78ceba6cf6eea7b0671d2d21b32d838b94f4504afa13ea832ce Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
python3.12 security update
An update is available for python3.12. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming...
RLSA-2025:23940 Moderate: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
PT-2025-53605
Name of the Vulnerable Software and Affected Versions: n8n versions 1.0.0 through less than 2.0.0. Description: n8n is an open source workflow automation platform. A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide, affecting versions from 1.0.0 up to, but not including,...
Oracle Linux 8 : python39:3.9 (ELSA-2025-23530)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-23530 advisory. modwsgi numpy python39 3.9.25-2 - Add explicit BR: libxcrypt-devel - Properly apply exported CFLAGS for dtrace/systemtap builds - Update to Python...
RockyLinux 10 : python3.12 (RLSA-2025:23940)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:23940 advisory. cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked (CVE-2025-8291). Tenable has extracted the preceding description...
a-data-processing (=0.0.1), a-mailx (=0.1.0) +1225 more potentially affected by CVE-2025-68664 via langchain-core (>=0.0.1 <=0.3.8)
langchain-core PYPI version =0.0.1, =0.1.0, =0.1.3, =0.1.0b0, =4.8.2, =0.1.3, =0.1.0, =3.2.0, =2.1.7, =0.0.2, =0.0.5 and more Source cves: CVE-2025-68664 Source advisory: SNYK:PYTHON-LANGCHAINCORE-14560681...
a2a-smol-adapter (=0.1.0), agent-lifecycle-toolkit (>=0.2.1 <=0.10.1) +103 more potentially affected by CVE-2025-14931 via smolagents (>=0.1.3 <=1.9.2)
smolagents PYPI version =0.1.3, =0.2.1, =0.1.0, =0.1.5, =0.1.6, =0.0.1, =0.3.4, =1.0.0, =1.0.1 and more Source cves: CVE-2025-14931 Source advisory: SNYK:PYTHON-SMOLAGENTS-14567305...
01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +11304 more potentially affected by CVE-2025-14921 via transformers (>=2.10.0 <=5.9.0)
transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14921 Source advisory: SNYK:PYTHON-TRANSFORMERS-14564365...
01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +11304 more potentially affected by CVE-2025-14929 via transformers (>=2.10.0 <=5.9.0)
transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14929 Source advisory: SNYK:PYTHON-TRANSFORMERS-14564275...
01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +11304 more potentially affected by CVE-2025-14930 via transformers (>=2.10.0 <=5.9.0)
transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14930 Source advisory: SNYK:PYTHON-TRANSFORMERS-14563374...
angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2025-12839 via openexr (=3.4.12)
openexr PYPI version =3.4.12 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - angorapy =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves:...
GHSA-Q9R5-6HRR-9PH7 Hugging Face smolagents: Unsafe deserialization in Remote Python Executor leads to RCE
Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face smolagents. Authentication is not required to exploit this...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +2032 more potentially affected by CVE-2025-14927 via transformers (>=2.10.0 <=4.57.0)
transformers PYPI version =2.10.0, =0.0.4.80, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-14927 Source advisory: OSV:PYSEC-2025-215...
CVE-2025-14927
Hugging Face Transformers SEW-D convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...