CVE-2021-47952

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...

CVE-2021-47952

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...

CLSA-2026-1778880543 python3: Fix of CVE-2024-4032

CVE-2024-4032: fix incorrect isprivate/isglobal ranges in ipaddress module...

CVE-2021-47952 python jsonpickle 2.0.0 Remote Code Execution via py/repr

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...

CVE-2021-47952 python jsonpickle 2.0.0 Remote Code Execution via py/repr

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...

Exploit for CVE-2026-45672

CVE-2026-45672 Overview The Open WebUI platform, designe...

CVE-2026-45369

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix o...

OPENSUSE-SU-2026:10798-1 python311-urllib3-2.7.0-1.1 on GA media

These are all security issues fixed in the python311-urllib3-2.7.0-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE SLES16 Security Update : python-lxml (SUSE-SU-2026:21603-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:21603-1 advisory. This update for python-lxml fixes the following issue - CVE-2026-41066: Information disclosure via untrusted XML input leading to local fil...

SUSE SLES15 Security Update : python-Mako (SUSE-SU-2026:1820-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1820-1 advisory. This update for python-Mako fixes the following issue: - CVE-2026-41205: Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path...

Linux Distros Unpatched Vulnerability : CVE-2026-42266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the...

SUSE SLED15 / SLES15 Security Update : python-Mako (SUSE-SU-2026:1819-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1819-1 advisory. This update for python-Mako fixes the following issue: - CVE-2026-41205: Prior to 1.3.11, TemplateLookup.gettemplate is...

Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1689)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1689 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...

Fedora 43 : python-jupytext (2026-85b819b928)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-85b819b928 advisory. This update contains upgrades to various npm packages used during the build to address CVEs, namely: - CVE-2025-69873 ajv - CVE-2026-0540 DOMPurify ...

SUSE SLES15 Security Update : python39 (SUSE-SU-2026:1818-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1818-1 advisory. Security issues fixed: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: base6...

OPENSUSE-SU-2026:10797-1 python311-python-multipart-0.0.28-1.1 on GA media

These are all security issues fixed in the python311-python-multipart-0.0.28-1.1 package on the GA media of openSUSE Tumbleweed...

Jsonpickle 代码注入漏洞

Jsonpickle is a software developed by the individual who created Jsonpickle, designed for Python to serialize Python objects into JSON format. Version 2.0.0 of jsonpickle contains a code injection vulnerability. This vulnerability stems from deserialization issues, allowing attackers to execute...

Photon OS 5.0: Python3 PHSA-2026-5.0-0850

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0850. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

SUSE SLES15 Security Update : python-Pillow (SUSE-SU-2026:1842-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1842-1 advisory. This update for python-Pillow fixes the following issue - CVE-2026-42310: infinite loop and resource exhaustion when processing specially crafted PDFs...

CVE-2026-45395

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the tool update endpoint POST /api/v1/tools/id/id/update is missing the workspace.tools permission check that is present on the tool create endpoint. This allows a user who has been...