EUVD-2026-32959

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

CVE-2026-3897

The CVE-2026-3897 entry describes a Stored XSS in the Livemesh Addons for Beaver Builder WordPress plugin, via the labb_admin_ajax action. Affected versions are all up to 3.9.2. Root cause is missing authorization checks despite nonce verification, enabling authenticated Subscriber+ users to modi...

EUVD-2026-31986

A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and m...

RHSA-2026:19570 Red Hat Security Advisory: python3.9 security update

Bulletin has no description...

RHSA-2026:19571 Red Hat Security Advisory: python3.9 security update

Bulletin has no description...

RHSA-2026:18693 Red Hat Security Advisory: python3.9 security update

Bulletin has no description...

Astra Linux - уязвимость в libcommons-net-java

Prior to Apache Commons Net 3.9.0, Net’s FTP client trusted the host based on the PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user had to connect to the malicious server in the first place. This could result in the leakage of...

PT-2026-42168

Name of the Vulnerable Software and Affected Versions Twig versions 2.16.x Twig versions 3.9.0 through 3.25.x Description A sandbox bypass exists when using a SourcePolicyInterface. This occurs because a runtime check fails to use the current template source, allowing attackers with template...

Important: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

RHEL 9 : python3.9 (RHSA-2026:18693)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18693 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

[SECURITY] [DLA 4583-1] python3.9 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4583-1 [email protected] https://www.debian.org/lts/security/ Arnaud Rebillout May 15, 2026 https://wiki.debian.org/LTS -...

Debian dla-4583 : idle-python3.9 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4583 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4583-1 [email protected]...

CVE-2026-39218

creationtimestamp| type| source ---|---|--- 2026-05-08 18:19:08+00:00| seen| https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f...

CVE-2026-41683

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which ...

CVE-2026-42353 Path traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parameters

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into...

CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

Astra Linux - уязвимость в python2.7

The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that include square brackets, which is not valid according to RFC 3986. Square brackets are only intended to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could lead to...

CVE-2026-7505

A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version...

OPENSUSE-SU-2026:20658-1 Security update for himmelblau

This update for himmelblau fixes the following issues: Update to version 2.3.9+git0.a9fd29b. Security issues fixed: - CVE-2026-34397: Fixed naming collision that can lead to local privilege escalation bsc1261324. Other updates and bugfixes: - update aws-lc-sys to 0.39.0 for security fixes - updat...

[SECURITY] Fedora 42 Update: python3.9-3.9.25-9.fc42

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...