697 matches found
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...
CVE-2026-6357
CVE-2026-6357 affects pip prior to 26.1, where a self-update check would run after wheel installation and could import recently installed Python modules. The root cause is that imports of certain well-known module names were deferred to speed up CLI startup, allowing a wheel install to trigger im...
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...
GHSA-58QW-9MGM-455V vulnerabilities
Vulnerabilities for packages: azureml-inference-server-http-fips, py3-pip, kubeflow-katib, py3-hashin, datadog-agent-fips, tensorflow-gpu-jupyter, py3.14-virtualenv, ansible-operator-fips, graalvm, pypy-3.10, py3-cassandra-medusa, request-1276, nvidia-nsight-compute-13.2, nemo,...
CVE-2026-3219 vulnerabilities
Vulnerabilities for packages: azureml-inference-server-http-fips, py3-pip, kubeflow-katib, py3-hashin, datadog-agent-fips, tensorflow-gpu-jupyter, py3.14-virtualenv, ansible-operator-fips, graalvm, pypy-3.10, py3-cassandra-medusa, request-1276, nvidia-nsight-compute-13.2, nemo,...
GHSA-58QW-9MGM-455V vulnerabilities
Vulnerabilities for packages: pypy-3.10, pypy-3.11, py3.14-virtualenv, py3-cassandra-medusa, datadog-agent, kubeflow-katib, py3-virtualenv, py3-pip, tensorflow-cpu-jupyter, py3-pip-wheel-bootstrap...
CVE-2026-3219 vulnerabilities
Vulnerabilities for packages: pypy-3.10, pypy-3.11, py3.14-virtualenv, py3-cassandra-medusa, datadog-agent, kubeflow-katib, py3-virtualenv, py3-pip, tensorflow-cpu-jupyter, py3-pip-wheel-bootstrap...
pip 安全漏洞
pip is a Python package installer developed by the Python Packaging Authority. Versions of pip prior to 26.1 contained security vulnerabilities. These vulnerabilities stemmed from the self-update check feature, which ran after the installation of wheel files, potentially leading to the import of...
PT-2026-35435
Name of the Vulnerable Software and Affected Versions pip versions prior to 26.1 Description The self-update check functionality runs after installing wheel files, which requires importing well-known Python module names. These imports were deferred to improve the startup time of the pip CLI. This...
python3.12-wheel security update
0.41.2-3.1 - Security fix for CVE-2026-24049 Resolves: RHEL-143652...
EUVD-2026-25577
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...
CVE-2026-6912 Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...
CVE-2026-6911 Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel
Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...
CVE-2026-6911
Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...
CVE-2026-6911 Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel
Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...
PT-2026-35027
Name of the Vulnerable Software and Affected Versions AWS Ops Wheel affected versions not specified Description Missing JWT signature verification allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application. This enables the ability to read,...
AWS Ops Wheel 安全漏洞
AWS Ops Wheel is an open-source tool provided by Amazon Web Services that supports multi-tenant functionality. There is a security vulnerability in AWS Ops Wheel, which stems from improper control over the modification of object properties dynamically determined during the Cognito user pool...
Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a command line tool...
Security Bulletin: Vulnerability in wheel affects IBM Netezza Appliance
Summary The wheel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2026-24049 Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.28 security and extras update
Red Hat OpenShift Container Platform release 4.19.28 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a security impact of...