Overview
- Python Software Foundation
- CPython
23 Jan 2026
Published
13 Feb 2026
Updated
CVSS v4.0
MEDIUM (6.0)
EPSS
0.05%
KEV
Description
The
email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when
serializing an email message allowing for header injection when an email
is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".
Statistics
- 1 Post
Last activity: 1 hour ago
Overview
- IAMB
- Crypt::Sodium::XS
- Crypt-Sodium-XS
06 Jan 2026
Published
06 Jan 2026
Updated
CVSS
Pending
EPSS
0.06%
KEV
Description
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium
libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://www.cve.org/CVERecord?id=CVE-2025-69277 .
The libsodium vulnerability states:
In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.
0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.
Statistics
- 1 Post
Last activity: 22 hours ago
Overview
Description
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
Statistics
- 1 Post
Last activity: 21 hours ago
Fediverse
Latest Metasploit update is out with unauthenticated RCE for Grandstream GXP1600 VoIP devices, enabling credential harvesting and SIP interception. Also included is critical support for BeyondTrust PRA/RS command injection (CVE-2026-1731), plus a serious Ollama RCE (CVE-2024-37032).
Check out the wrap up at https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-02-27-2026/