Python Security Archives • Daily CyberSecurity

Critical Defect Exposed: Flaw In Apache Fory Bypasses Deserialization Protections Apache Fory vulnerability Apache Fory vulnerability patch PyFory deserialization policy bypass

Apache Fory vulnerability Apache Fory vulnerability patch PyFory deserialization policy bypass

Critical Defect Exposed: Flaw In Apache Fory Bypasses Deserialization Protections

Do Son May 27, 2026

Apache Fory has released an urgent security update to address a maximum-severity flaw in its framework. Specifically,...

OceanLotus Hijacks PyPI to Deploy “ZiChatBot” via Enterprise Chat APIs Acreed Infostealer, BNB Smart Chain CVE-2023-20269 exploit

OceanLotus Hijacks PyPI to Deploy “ZiChatBot” via Enterprise Chat APIs

Do Son May 7, 2026

In a calculated move that signals the expansion of state-sponsored threats into open-source repositories, researchers at Kaspersky...

Langflow Alert: Path Traversal Flaw in Knowledge Bases API Risks Total Data Wipeout Langflow Vulnerability CVE-2026-42048 Langflow RCE CVE-2026-27966 Langflow Vulnerabilities CVE-2026-33017

Langflow Vulnerability CVE-2026-42048 Langflow RCE CVE-2026-27966 Langflow Vulnerabilities CVE-2026-33017

Langflow Alert: Path Traversal Flaw in Knowledge Bases API Risks Total Data Wipeout

Do Son April 28, 2026

Langflow, the popular visual framework for building and deploying AI-powered agents , has patched a critical security...

Supply Chain Alert: TeamPCP Strikes Popular AI Framework Xinference Xinference Supply Chain Attack TeamPCP

Supply Chain Alert: TeamPCP Strikes Popular AI Framework Xinference

Do Son April 23, 2026

The Python ecosystem is reeling from a sophisticated supply chain attack targeting Xinference (Xorbits Inference), a widely...

Critical CrewAI Vulnerabilities Allow RCE and Sandbox Escapes via Prompt Injection CrewAI Vulnerabilities AI Agent Security

Critical CrewAI Vulnerabilities Allow RCE and Sandbox Escapes via Prompt Injection

Do Son March 31, 2026

The rapidly growing field of multi-agent AI systems has hit a significant security speed bump. A new...

95 Million Downloads Hijacked: The LiteLLM PyPI Backdoor Targeting AI Developers LiteLLM PyPI Supply Chain Attack

95 Million Downloads Hijacked: The LiteLLM PyPI Backdoor Targeting AI Developers

Do Son March 25, 2026

A relentless cyber-espionage campaign has expanded its reach into the heart of the AI development ecosystem. Security...

Broken Keys: Critical Authlib Flaws Expose Millions to JWT Forgery and Padding Oracles Authlib Vulnerabilities CVE-2026-27962

Broken Keys: Critical Authlib Flaws Expose Millions to JWT Forgery and Padding Oracles

Do Son March 17, 2026

Security researchers exposed three critical vulnerabilities in Authlib, the widely used library for building OAuth and OpenID...

Critical SQL Injection Vulnerability Found in ‘ormar’ Python Library Python asyncio Vulnerability Windows Buffer Overflow ormar SQL Injection CVE-2026-26198 CVE-2024-49768 - Waitress WSGI server

Python asyncio Vulnerability Windows Buffer Overflow ormar SQL Injection CVE-2026-26198 CVE-2024-49768 - Waitress WSGI server

Critical SQL Injection Vulnerability Found in ‘ormar’ Python Library

Do Son February 26, 2026

A major security flaw has been unearthed in ormar, a popular asynchronous mini Object-Relational Mapper (ORM) for...

Splunk Windows Flaws Expose Servers to System Takeover

Do Son February 19, 2026

Splunk administrators operating in Windows environments face a double threat this week. A new security advisory reveals...

4 Million Downloads at Risk: Critical Unstructured Flaw (CVSS 9.8) Allows RCE Unstructured Library Vulnerability CVE-2025-64712

4 Million Downloads at Risk: Critical Unstructured Flaw (CVSS 9.8) Allows RCE

Do Son February 6, 2026

A critical vulnerability has been discovered in the unstructured library, a powerhouse tool used by developers to...

Safety Broken: PyTorch “Safe” Mode Bypassed by Critical RCE Flaw PyTorch vulnerability, CVE-2025-32434 CVE-2026-24747

Safety Broken: PyTorch “Safe” Mode Bypassed by Critical RCE Flaw

Do Son January 29, 2026

The development team behind PyTorch, the backbone of modern deep learning and AI research, has patched a...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

High-Severity DoS Flaw Hits Google Protocol Buffers (CVE-2026-0994)

Do Son January 27, 2026

A high-severity vulnerability has been discovered in Protocol Buffers (protobuf), Google’s widely used mechanism for serializing structured...

Ghost in the Code: Critical RCE Found in Abandoned Python PLY Library (CVSS 9.8) Python Security Memory Safety PLY Vulnerability CVE-2025-56005 Python Software Foundation, NSF DEI CVE-2024-12254

Python Security Memory Safety PLY Vulnerability CVE-2025-56005 Python Software Foundation, NSF DEI CVE-2024-12254

Ghost in the Code: Critical RCE Found in Abandoned Python PLY Library (CVSS 9.8)

Do Son January 26, 2026

A critical vulnerability has been unearthed in PLY (Python Lex-Yacc), a legendary parsing library that has served...

“SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner sympy-dev Malware PyPI Supply Chain Attack

“SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner

Do Son January 23, 2026

A deceptive new supply chain attack has been uncovered in the Python ecosystem, where a malicious package...

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

CVE-2025-14026: Forcepoint DLP Flaw Lets Attackers Unchain Restricted Python

Do Son January 7, 2026

A high-severity vulnerability in the Forcepoint One DLP Client has been disclosed, revealing a method for attackers...

n8n Sandbox Escape: How CVE-2025-68668 Turns Workflows into Weapons n8n Vulnerability CVE-2025-68668

n8n Sandbox Escape: How CVE-2025-68668 Turns Workflows into Weapons

Do Son January 6, 2026

A critical vulnerability in the popular workflow automation platform n8n has been dissected in a new analysis...

The “lc” Leak: Critical 9.3 Severity LangChain Flaw Turns Prompt Injections into Secret Theft LangChain Serialization Injection, CVE-2025-68664

The “lc” Leak: Critical 9.3 Severity LangChain Flaw Turns Prompt Injections into Secret Theft

Do Son December 25, 2025

A critical vulnerability was found in LangChain, the popular open-source framework used to power Large Language Model...

Critical Alert 1 Active Exploit Detected Today