Lucene search
+L

697 matches found

Cvelist
Cvelist
added 2026/04/27 2:19 p.m.34 views

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS0.00138EPSS
Exploits0References2
CVE
CVE
added 2026/04/27 2:19 p.m.55 views

CVE-2026-6357

CVE-2026-6357 affects pip prior to 26.1, where a self-update check would run after wheel installation and could import recently installed Python modules. The root cause is that imports of certain well-known module names were deferred to speed up CLI startup, allowing a wheel install to trigger im...

5.3CVSS5.3AI score0.00138EPSS
Exploits0References3
OSV
OSV
added 2026/04/27 2:19 p.m.2 views

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS6.3AI score0.00138EPSS
Exploits0References7
Chainguard
Chainguard
added 2026/04/27 7:18 a.m.6 views

GHSA-58QW-9MGM-455V vulnerabilities

Vulnerabilities for packages: azureml-inference-server-http-fips, py3-pip, kubeflow-katib, py3-hashin, datadog-agent-fips, tensorflow-gpu-jupyter, py3.14-virtualenv, ansible-operator-fips, graalvm, pypy-3.10, py3-cassandra-medusa, request-1276, nvidia-nsight-compute-13.2, nemo,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/04/27 7:18 a.m.7 views

CVE-2026-3219 vulnerabilities

Vulnerabilities for packages: azureml-inference-server-http-fips, py3-pip, kubeflow-katib, py3-hashin, datadog-agent-fips, tensorflow-gpu-jupyter, py3.14-virtualenv, ansible-operator-fips, graalvm, pypy-3.10, py3-cassandra-medusa, request-1276, nvidia-nsight-compute-13.2, nemo,...

4.6CVSS5.8AI score0.00144EPSS
Exploits0
Wolfi
Wolfi
added 2026/04/27 1:48 a.m.18 views

GHSA-58QW-9MGM-455V vulnerabilities

Vulnerabilities for packages: pypy-3.10, pypy-3.11, py3.14-virtualenv, py3-cassandra-medusa, datadog-agent, kubeflow-katib, py3-virtualenv, py3-pip, tensorflow-cpu-jupyter, py3-pip-wheel-bootstrap...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2026/04/27 1:48 a.m.23 views

CVE-2026-3219 vulnerabilities

Vulnerabilities for packages: pypy-3.10, pypy-3.11, py3.14-virtualenv, py3-cassandra-medusa, datadog-agent, kubeflow-katib, py3-virtualenv, py3-pip, tensorflow-cpu-jupyter, py3-pip-wheel-bootstrap...

4.6CVSS5.8AI score0.00144EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.10 views

pip 安全漏洞

pip is a Python package installer developed by the Python Packaging Authority. Versions of pip prior to 26.1 contained security vulnerabilities. These vulnerabilities stemmed from the self-update check feature, which ran after the installation of wheel files, potentially leading to the import of...

5.3CVSS6.3AI score0.00138EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.8 views

PT-2026-35435

Name of the Vulnerable Software and Affected Versions pip versions prior to 26.1 Description The self-update check functionality runs after installing wheel files, which requires importing well-known Python module names. These imports were deferred to improve the startup time of the pip CLI. This...

5.8CVSS6.7AI score0.00144EPSS
Exploits0References119
Oracle linux
Oracle linux
added 2026/04/27 12:0 a.m.11 views

python3.12-wheel security update

0.41.2-3.1 - Security fix for CVE-2026-24049 Resolves: RHEL-143652...

7.1CVSS5.3AI score0.00311EPSS
Exploits2
EUVD
EUVD
added 2026/04/24 4:11 p.m.5 views

EUVD-2026-25577

Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...

8.8CVSS5.5AI score0.00419EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/24 4:11 p.m.3 views

CVE-2026-6912 Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel

Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...

8.8CVSS5.5AI score0.00419EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/24 4:8 p.m.2 views

CVE-2026-6911 Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...

9.8CVSS5.4AI score0.00254EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/24 4:8 p.m.5 views

CVE-2026-6911

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...

9.8CVSS5.4AI score0.00254EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/24 4:8 p.m.25 views

CVE-2026-6911 Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...

9.8CVSS0.00254EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.15 views

PT-2026-35027

Name of the Vulnerable Software and Affected Versions AWS Ops Wheel affected versions not specified Description Missing JWT signature verification allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application. This enables the ability to read,...

9.8CVSS5.3AI score0.00254EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.9 views

AWS Ops Wheel 安全漏洞

AWS Ops Wheel is an open-source tool provided by Amazon Web Services that supports multi-tenant functionality. There is a security vulnerability in AWS Ops Wheel, which stems from improper control over the modification of object properties dynamically determined during the Cognito user pool...

8.8CVSS5.8AI score0.00419EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 1:14 p.m.13 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a command line tool...

7.1CVSS6.3AI score0.00311EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 9:34 a.m.7 views

Security Bulletin: Vulnerability in wheel affects IBM Netezza Appliance

Summary The wheel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2026-24049 Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0...

7.1CVSS6.4AI score0.00311EPSS
Exploits2Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/16 8:33 a.m.8 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.28 security and extras update

Red Hat OpenShift Container Platform release 4.19.28 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a security impact of...

7.1CVSS6.8AI score0.00311EPSS
Exploits2References2
Rows per page
Query Builder