Lucene search
K

89 matches found

CVE
CVE
added 2026/05/21 2:32 p.m.27 views

CVE-2026-9089

The CVE-2026-9089 issue affects the ConnectWise Automate Agent. According to connected sources, the agent does not fully verify the authenticity of components during plugin loading and self-update operations. The underlying impact is risk of tampered or unverified components being loaded during e...

8.8CVSS5.8AI score0.00311EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/21 2:32 p.m.10 views

EUVD-2026-31290

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5...

8.8CVSS5.8AI score0.00311EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 2:32 p.m.40 views

CVE-2026-9089

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5...

8.8CVSS0.00311EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 2:32 p.m.9 views

CVE-2026-9089

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5...

8.8CVSS5.8AI score0.00311EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 2:32 p.m.15 views

CVE-2026-9089

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5...

8.8CVSS5.8AI score0.00311EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.16 views

PT-2026-42478

Name of the Vulnerable Software and Affected Versions ConnectWise Automate versions prior to 2026.5 Description The ConnectWise Automate Agent fails to fully verify the authenticity of components obtained during plugin loading and self-update operations. This lack of integrity checks during the...

8.8CVSS6.1AI score0.00311EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.13 views

Amazon Linux 2023 : python3.14-pip, python3.14-pip-wheel (ALAS2023-2026-1653)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1653 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...

5.3CVSS5.8AI score0.00138EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.11 views

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1665)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1665 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such...

5.3CVSS6.3AI score0.00144EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.10 views

Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1666)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1666 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such...

5.3CVSS6.3AI score0.00144EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.17 views

Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1689)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1689 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...

5.3CVSS5.8AI score0.00138EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/05 3:8 p.m.7 views

CVE-2026-6357

A flaw was found in pip. Prior to version 26.1, pip's self-update check functionality would execute after installing wheel packages. This process involved importing newly installed Python modules. A malicious actor could craft a specially designed wheel package that, when installed, could lead to...

5.8CVSS6.1AI score0.00138EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2026/04/30 8:10 a.m.9 views

pip self-update functionality can import newly installed modules after wheel installation

...

5.3CVSS6.2AI score0.00138EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/30 2:30 a.m.10 views

SUSE CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.8CVSS5.3AI score0.00138EPSS
Exploits0References7
OSV
OSV
added 2026/04/27 3:30 p.m.3 views

GHSA-JP4C-XJXW-MGF9 pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.8AI score0.00138EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/27 3:30 p.m.14 views

pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.8AI score0.00138EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/04/27 3:16 p.m.10 views

CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS0.00138EPSS
Exploits0References3
OSV
OSV
added 2026/04/27 3:16 p.m.5 views

UBUNTU-CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.8AI score0.00138EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/27 3:16 p.m.9 views

CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.8AI score0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/27 2:19 p.m.32 views

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS0.00138EPSS
Exploits0References2
OSV
OSV
added 2026/04/27 2:19 p.m.2 views

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS6.3AI score0.00138EPSS
Exploits0References7
Rows per page
Query Builder