Where
-Infinity
0

Trending

Last week
Last month
Last year

oss-sec[oss-security][CVE-2026-8328] CPython: FTP PASV SSRF, ftpcp() does not use actual peer addss, trusts server-supplied PASV host addss

First published (updated )
https://seclists.org/oss-sec/2026/q2/521

Python CPythonFTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address

Risk 26
Severity
5.9
EPSS
0.05%
First published (updated )
CVE-2026-8328

oss-sec[oss-security][CVE-2026-7210] Cpython: The expat and elementte parsers use insufficient entropy for XML hash-flooding protection

First published (updated )
https://seclists.org/oss-sec/2026/q2/483

Python http.cookies.MorselBaseCookie.js_output() does not neutralize embedded characters

Risk 27
Severity
2.1
EPSS
0.06%
First published (updated )
CVE-2026-6019

oss-sec[oss-security][CVE-2026-5713] CPython: Out-of-bounds ad/write during mote debugging when connecting to malicious target

First published (updated )
https://seclists.org/oss-sec/2026/q2/139
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Python CPythonOut-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target

Risk 32
Severity
5.3
EPSS
0.02%
First published (updated )
CVE-2026-5713

oss-sec[oss-security][CVE-2026-4786] CPython: Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

First published (updated )
https://seclists.org/oss-sec/2026/q2/123

Python CPythonMitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be by…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2458049

oss-sec[oss-security][CVE-2026-6100] CPython: Use-after-fe in lzma.LZMADecompssor, bz2.BZ2Decompssor, and gzip.GzipFile after -use under memory pssu

First published (updated )
https://seclists.org/oss-sec/2026/q2/122

oss-secCPython [CVE-2026-1502] HTTP client proxy tunnel headers not validated for CR/LF

First published (updated )
https://seclists.org/oss-sec/2026/q2/98
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

oss-secFwd: [CPython][CVE-2026-4519] webbrowser.open() API allows leading dashes

First published (updated )
https://seclists.org/oss-sec/2026/q1/355

Python CPythonStack overflow parsing XML with deeply nested DTD content models

Risk 27
Severity
6
EPSS
0.03%
First published (updated )
CVE-2026-4224

Python CPythonIncomplete control character validation in http.cookies

Risk 32
Severity
6
EPSS
0.11%
First published (updated )
CVE-2026-3644

Python CPythonSourcelessFileLoader does not use io.open_code()

Risk 34
Severity
5.7
First published (updated )
CVE-2026-2297

Python CPythonA vulnerability has been found in the CPython `venv` module and CLI where path names provided when c…

Risk 18
Severity
4
First published (updated )
REDHAT-BUG-2321440
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Python CPythonAn issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.1…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2276525

Python CPythonAn issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.1…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2276518

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203