58389 matches found

Ubuntu
added 2025/12/09 6:41 a.m., 8 views

USN-7916-1: python-apt vulnerability

Julian Andres Klode discovered that python-apt incorrectly handled deb822 configuration files. An attacker could use this issue to cause python-apt to crash, resulting in a denial of service...

CVSS: 6.9, AI score: 5.4, EPSS: 0.00122
Exploits: 1

OSV
added 2025/12/09 6:41 a.m., 7 views

USN-7916-1 python-apt vulnerability

Julian Andres Klode discovered that python-apt incorrectly handled deb822 configuration files. An attacker could use this issue to cause python-apt to crash, resulting in a denial of service...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00122
Exploits: 1, References: 2

CVE
added 2025/12/09 6:28 a.m., 20 views

CVE-2025-13428

CVE-2025-13428 affects the SecOps SOAR server. The vulnerability arises from weak validation of uploaded Python package code in custom integrations, allowing an authenticated user with an IDE role to achieve Remote Code Execution (RCE) via a malicious setup.py during installation. Impact is serve...

CVSS: 8.6, AI score: 7, EPSS: 0.00287
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2025/12/09 6:28 a.m., 4 views

CVE-2025-13428 RCE in SecOps SOAR server via user-provided Python packages

A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...

CVSS: 8.6, AI score: 7, EPSS: 0.00287
Exploits: 0, References: 1

Cvelist
added 2025/12/09 6:28 a.m., 30 views

CVE-2025-13428 RCE in SecOps SOAR server via user-provided Python packages

A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...

CVSS: 8.6, EPSS: 0.00287
Exploits: 0, References: 1

EUVD
added 2025/12/09 3:35 a.m., 6 views

EUVD-2025-201857

Malicious code in sketchfab-spinner PyPI...

AI score: 6.6
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/12/09 3:35 a.m., 5 views

Malicious code in sketchfab-spinner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f004e2139080a087917f5cfc654423a3ed60ca232dd8a051955d6af9508b1a8f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 7.5
Exploits: 0, References: 1

OSV
added 2025/12/09 3:35 a.m., 3 views

MAL-2025-192380 Malicious code in sketchfab-spinner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f004e2139080a087917f5cfc654423a3ed60ca232dd8a051955d6af9508b1a8f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 7.4
Exploits: 0, References: 1

Chainguard
added 2025/12/09 1:28 a.m., 5 views

CVE-2025-66471 vulnerabilities

Vulnerabilities for packages: ansible-operator-fips, ggshield, pgadmin4-fips, kubeflow-pipelines-visualization-server, emissary, spamcheck, az, confluent-docker-utils, datadog-agent, apache-beam-python-3.11-sdk, py3-urllib3, kubeflow-jupyter-web-app, jwt-tool, airflow, py3-pip, request-1276,...

CVSS: 8.9, AI score: 6.7, EPSS: 0.00622
Exploits: 0

Chainguard
added 2025/12/09 1:28 a.m., 6 views

CVE-2025-66418 vulnerabilities

Vulnerabilities for packages: ansible-operator-fips, ggshield, pgadmin4-fips, kubeflow-pipelines-visualization-server, emissary, spamcheck, az, confluent-docker-utils, datadog-agent, apache-beam-python-3.11-sdk, py3-urllib3, kubeflow-jupyter-web-app, jwt-tool, airflow, py3-pip, request-1276,...

CVSS: 8.9, AI score: 6.7, EPSS: 0.00622
Exploits: 0

Chainguard
added 2025/12/09 1:28 a.m., 4 views

GHSA-2XPW-W6GG-JR37 vulnerabilities

Vulnerabilities for packages: ansible-operator-fips, ggshield, pgadmin4-fips, kubeflow-pipelines-visualization-server, emissary, spamcheck, az, confluent-docker-utils, datadog-agent, apache-beam-python-3.11-sdk, py3-urllib3, kubeflow-jupyter-web-app, jwt-tool, airflow, py3-pip, request-1276,...

AI score: 5.8
Exploits: 0

Chainguard
added 2025/12/09 1:28 a.m., 2 views

GHSA-GM62-XV2J-4W53 vulnerabilities

Vulnerabilities for packages: ansible-operator-fips, ggshield, pgadmin4-fips, kubeflow-pipelines-visualization-server, emissary, spamcheck, az, confluent-docker-utils, datadog-agent, apache-beam-python-3.11-sdk, py3-urllib3, kubeflow-jupyter-web-app, jwt-tool, airflow, py3-pip, request-1276,...

AI score: 5.8
Exploits: 0

NVD
added 2025/12/09 12:15 a.m., 6 views

CVE-2025-66469

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.add_css, ui.add_scss, and ui.add_sass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...

CVSS: 6.1, EPSS: 0.00224
Exploits: 1, References: 2

Tenable Nessus
added 2025/12/09 12:0 a.m., 8 views

Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-1294)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1294 advisory. If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables. CVE-2025-6075 Tenable has extracted the preceding description bloc...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00136
Exploits: 0, References: 4

Tenable Nessus
added 2025/12/09 12:0 a.m., 5 views

FreeBSD : python -- several vulnerabilities (613d0f9e-d477-11f0-9e85-03ddfea11990)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 613d0f9e-d477-11f0-9e85-03ddfea11990 advisory. Hugo van Kemenade reports: Python 3.14.2 and 3.13.11 are now available ... and come with some...

CVSS: 7.5, AI score: 7.3, EPSS: 0.01525
Exploits: 0, References: 9

Tenable Nessus
added 2025/12/09 12:0 a.m., 5 views

Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2025-1308)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1308 advisory. If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables. CVE-2025-6075 Tenable has extracted the preceding description bloc...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00136
Exploits: 0, References: 4

Tenable Nessus
added 2025/12/09 12:0 a.m., 10 views

Debian dla-4377 : python-gevent-doc - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4377 advisory. Debian LTS Advisory DLA-4377-1 https://www.debian.org/lts/security/...

CVSS: 9.8, AI score: 7.9, EPSS: 0.01334
Exploits: 1, References: 4

OSV
added 2025/12/09 12:0 a.m., 1 view

OPENSUSE-SU-2025:15806-1 python311-Django4-4.2.27-1.1 on GA media

These are all security issues fixed in the python311-Django4-4.2.27-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS: 7.5, AI score: 5.8, EPSS: 0.02143
Exploits: 0, References: 2

Positive Technologies
added 2025/12/09 12:0 a.m., 6 views

PT-2025-49804

A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...

CVSS: 8.6, AI score: 7.5, EPSS: 0.00287
Exploits: 0, References: 1

CNNVD
added 2025/12/09 12:0 a.m., 3 views

Google SecOps SOAR Server security vulnerability

Google SecOps SOAR Server is a security platform from Google, Inc USA. A security vulnerability exists in Google SecOps SOAR Server that stems from insufficient code validation of uploaded Python packages, which could lead to remote code execution...

CVSS: 8.6, AI score: 7.7, EPSS: 0.00287
Exploits: 0, References: 1