58389 matches found
USN-7916-1: python-apt vulnerability
Julian Andres Klode discovered that python-apt incorrectly handled deb822 configuration files. An attacker could use this issue to cause python-apt to crash, resulting in a denial of service...
USN-7916-1 python-apt vulnerability
Julian Andres Klode discovered that python-apt incorrectly handled deb822 configuration files. An attacker could use this issue to cause python-apt to crash, resulting in a denial of service...
CVE-2025-13428
CVE-2025-13428 affects the SecOps SOAR server. The vulnerability arises from weak validation of uploaded Python package code in custom integrations, allowing an authenticated user with an IDE role to achieve Remote Code Execution (RCE) via a malicious setup.py during installation. Impact is serve...
CVE-2025-13428 RCE in SecOps SOAR server via user-provided Python packages
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...
EUVD-2025-201857
Malicious code in sketchfab-spinner PyPI...
Malicious code in sketchfab-spinner (PyPI)
Source: kam193 f004e2139080a087917f5cfc654423a3ed60ca232dd8a051955d6af9508b1a8f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
MAL-2025-192380 Malicious code in sketchfab-spinner (PyPI)
Source: kam193 f004e2139080a087917f5cfc654423a3ed60ca232dd8a051955d6af9508b1a8f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
CVE-2025-66471 vulnerabilities
Vulnerabilities for packages: ansible-operator-fips, ggshield, pgadmin4-fips, kubeflow-pipelines-visualization-server, emissary, spamcheck, az, confluent-docker-utils, datadog-agent, apache-beam-python-3.11-sdk, py3-urllib3, kubeflow-jupyter-web-app, jwt-tool, airflow, py3-pip, request-1276,...
CVE-2025-66418 vulnerabilities
Vulnerabilities for packages: ansible-operator-fips, ggshield, pgadmin4-fips, kubeflow-pipelines-visualization-server, emissary, spamcheck, az, confluent-docker-utils, datadog-agent, apache-beam-python-3.11-sdk, py3-urllib3, kubeflow-jupyter-web-app, jwt-tool, airflow, py3-pip, request-1276,...
GHSA-2XPW-W6GG-JR37 vulnerabilities
Vulnerabilities for packages: ansible-operator-fips, ggshield, pgadmin4-fips, kubeflow-pipelines-visualization-server, emissary, spamcheck, az, confluent-docker-utils, datadog-agent, apache-beam-python-3.11-sdk, py3-urllib3, kubeflow-jupyter-web-app, jwt-tool, airflow, py3-pip, request-1276,...
GHSA-GM62-XV2J-4W53 vulnerabilities
Vulnerabilities for packages: ansible-operator-fips, ggshield, pgadmin4-fips, kubeflow-pipelines-visualization-server, emissary, spamcheck, az, confluent-docker-utils, datadog-agent, apache-beam-python-3.11-sdk, py3-urllib3, kubeflow-jupyter-web-app, jwt-tool, airflow, py3-pip, request-1276,...
CVE-2025-66469
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.add_css, ui.add_scss, and ui.add_sass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...
Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-1294)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1294 advisory. If the value passed to os.path.expandvars is user-controlled, a performance degradation is possible when expanding environment variables. CVE-2025-6075 Tenable has extracted the preceding description bloc...
FreeBSD : python -- several vulnerabilities (613d0f9e-d477-11f0-9e85-03ddfea11990)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 613d0f9e-d477-11f0-9e85-03ddfea11990 advisory. Hugo van Kemenade reports: Python 3.14.2 and 3.13.11 are now available ... and come with some...
Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2025-1308)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1308 advisory. If the value passed to os.path.expandvars is user-controlled, a performance degradation is possible when expanding environment variables. CVE-2025-6075 Tenable has extracted the preceding description bloc...
Debian dla-4377 : python-gevent-doc - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4377 advisory. Debian LTS Advisory DLA-4377-1 https://www.debian.org/lts/security/...
OPENSUSE-SU-2025:15806-1 python311-Django4-4.2.27-1.1 on GA media
These are all security issues fixed in the python311-Django4-4.2.27-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2025-49804
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...
Google SecOps SOAR Server security vulnerability
Google SecOps SOAR Server is a security platform from Google (USA). A security vulnerability exists in Google SecOps SOAR Server that stems from insufficient code validation of uploaded Python packages, which could lead to remote code execution...