58389 matches found
Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2025-1308)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1308 advisory. If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables. CVE-2025-6075 Tenable has extracted the preceding description bloc...
Debian dla-4377 : python-gevent-doc - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4377 advisory. Debian LTS Advisory DLA-4377-1 [email protected] https://www.debian.org/lts/security/...
RHEL 7 : python-kdcproxy (RHSA-2025:22982)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22982 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
MAL-2025-192379 Malicious code in helloharry123p (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6e199ebf30ba4e39d4e6bd9fc4d31ffa9f0a7687e21f67e2e6e8c01e3f24717a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2025-66471 vulnerabilities
Vulnerabilities for packages: confluent-docker-utils, mlflow, kserve, jupyter-base-notebook, kubeflow-jupyter-web-app, tensorflow-cpu-jupyter, ggshield, open-webui, pypy-3.10, semgrep, airflow, py3-pipenv, kubeflow-volumes-web-app, py3-urllib3, kubeflow-katib, datadog-agent, dask-kubernetes,...
CVE-2025-66418 vulnerabilities
Vulnerabilities for packages: confluent-docker-utils, mlflow, kserve, jupyter-base-notebook, kubeflow-jupyter-web-app, tensorflow-cpu-jupyter, ggshield, open-webui, pypy-3.10, semgrep, airflow, py3-pipenv, kubeflow-volumes-web-app, py3-urllib3, kubeflow-katib, datadog-agent, dask-kubernetes,...
GHSA-2XPW-W6GG-JR37 vulnerabilities
Vulnerabilities for packages: confluent-docker-utils, mlflow, kserve, jupyter-base-notebook, kubeflow-jupyter-web-app, tensorflow-cpu-jupyter, ggshield, open-webui, pypy-3.10, semgrep, airflow, py3-pipenv, kubeflow-volumes-web-app, py3-urllib3, kubeflow-katib, datadog-agent, dask-kubernetes,...
Update on React Server Components RCE Vulnerability (CVE-2025-55182 / CVE-2025-66478)
The attack landscape has been dynamic following the disclosure of the React Server Components RCE vulnerability. New information has emerged regarding the initial Proof-of-Concept exploit, as well as improved detection methods, exploitation mechanics observed in the wild, and rapidly growing atta...
EUVD-2025-201711
Malicious code in graphnode PyPI...
Exploit for Improper Input Validation in Drupal
POC-CVE-2018-7600 Drupal vulnerable to CVE-2018-7600 Drupalge...
Low: python3.11
Issue Overview: If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables. CVE-2025-6075 Affected Packages: python3.11 Issue Correction: Run dnf update python3.11 --releasever 2023.9.20251208 or dnf update --advisory...
Low: python3.12
Issue Overview: If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables. CVE-2025-6075 Affected Packages: python3.12 Issue Correction: Run dnf update python3.12 --releasever 2023.9.20251208 or dnf update --advisory...
Low: python3.9
Issue Overview: If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables. CVE-2025-6075 Affected Packages: python3.9 Issue Correction: Run dnf update python3.9 --releasever 2023.9.20251208 or dnf update --advisory...
Low: python3.13
Issue Overview: If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables. CVE-2025-6075 Affected Packages: python3.13 Issue Correction: Run dnf update python3.13 --releasever 2023.9.20251208 or dnf update --advisory...
Medium: python-ldap
Issue Overview: python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escape_filter_chars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertion_value...
PT-2025-49452
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Network File System Daemon (NFSD) component of the Linux kernel. Specifically, a crash can occur within the nfsd4 read release function when tracing is enabled,...
Amazon Linux 2 : python-ldap, --advisory ALAS2-2025-3083 (ALAS-2025-3083)
The version of python-ldap installed on the remote host is prior to 2.4.15-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3083 advisory. python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitizatio...
Amazon Linux 2 : python3, --advisory ALAS2-2025-3084 (ALAS-2025-3084)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3084 advisory. If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding...
Amazon Linux 2 : python-kdcproxy, --advisory ALAS2-2025-3085 (ALAS-2025-3085)
The version of python-kdcproxy installed on the remote host is prior to 0.3.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3085 advisory. If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by...
Linux Distros Unpatched Vulnerability : CVE-2025-6966
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NULL pointer dereference in TagSection.keys in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service process crash via a...