9 matches found

Tenable Nessus
added 2026/06/12 12:0 a.m., 10 views

EulerOS Virtualization 2.13.0 : python-pip (EulerOS-SA-2026-2415)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable...

5.5 CVSS, 4.9 AI score, 0.0039 EPSS
Exploits 1, References 3
OSV
added 2026/04/08 4:3 p.m., 2 views

SUSE-SU-2026:1220-1 Security update for python-poetry

This update for python-poetry fixes the following issue: - CVE-2026-34591: From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write (bsc#1261383)...

7.1 CVSS, 5.9 AI score, 0.00468 EPSS
Exploits 1, References 3
Microsoft CVE
added 2026/04/07 8:2 a.m., 7 views

Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write

...

7.1 CVSS, 5.2 AI score, 0.00468 EPSS
Exploits 1
Vulnrichment
added 2026/04/02 5:35 p.m., 4 views

CVE-2026-34591 Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write

Poetry is a dependency manager for Python. From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write with the privileges of the Poetry process. It is reachable from untrusted package...

7.1 CVSS, 6.1 AI score, 0.00468 EPSS
Exploits 1, References 4
CVE
added 2026/04/02 5:35 p.m., 57 views

CVE-2026-34591

CVE-2026-34591 (Poetry) is a wheel path traversal vulnerability in Poetry for Python. From version 1.4.0 up to 2.3.2 (patched in 2.3.3), a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, enabling arbitrary file writes with the Poetry process’s privileges...

7.1 CVSS, 6.1 AI score, 0.00468 EPSS
Exploits 1, References 4, Affected Software 1
Cvelist
added 2026/04/02 5:35 p.m., 24 views

CVE-2026-34591 Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write

Poetry is a dependency manager for Python. From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write with the privileges of the Poetry process. It is reachable from untrusted package...

7.1 CVSS, 0.00468 EPSS
Exploits 1, References 4
OSV
added 2026/02/28 12:44 p.m., 5 views

OESA-2026-1444 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 6 Summary: A...

8.9 CVSS, 5.9 AI score, 0.02667 EPSS
Exploits 1, References 3
GithubExploit
added 2026/02/05 3:32 a.m., 210 views

Exploit for CVE-2026-24049

wheelaudit Python Wheel File Security Scanner — scan .wh...

9.8 CVSS, 5.5 AI score, 0.0039 EPSS
Exploits 3
ATTACKERKB
added 2026/02/02 2:43 p.m., 5 views

CVE-2026-1703

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

2 CVSS, 5.4 AI score, 0.0039 EPSS
Exploits 1, References 4