Skip to main content

Python

2173 CVEs product

Monthly

CVE-2023-29522 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-29521 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29518 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29516 Maven HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
65.9%
CVE-2023-29512 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-27043 MEDIUM POC CISA This Month

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Authentication Bypass Fedora Active Iq Unified Manager Ontap Select Deploy Administration Utility
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
Threat
4.6
CVE-2023-30608 PyPI HIGH PATCH This Week

sqlparse is a non-validating SQL parser module for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Sqlparse Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-30537 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-29511 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-29509 Maven HIGH POC PATCH THREAT This Week

XWiki Commons are technical libraries common to several other top level XWiki projects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
76.3%
CVE-2023-29214 Maven HIGH POC PATCH This Week

XWiki Commons are technical libraries common to several other top level XWiki projects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-29212 Maven HIGH POC PATCH This Week

XWiki Commons are technical libraries common to several other top level XWiki projects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-29211 Maven HIGH POC PATCH This Week

XWiki Commons are technical libraries common to several other top level XWiki projects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-29210 Maven HIGH POC PATCH This Week

XWiki Commons are technical libraries common to several other top level XWiki projects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-29209 Maven HIGH POC PATCH This Week

XWiki Commons are technical libraries common to several other top level XWiki projects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29005 PyPI HIGH PATCH This Week

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Flask Appbuilder
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-29374 PyPI CRITICAL POC PATCH THREAT Act Now

In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Python Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
39.7%
CVE-2023-28837 PyPI MEDIUM PATCH This Month

Wagtail is an open source content management system built on Django. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Wagtail
NVD GitHub
CVSS 3.1
4.9
EPSS
1.1%
CVE-2023-28836 PyPI MEDIUM PATCH This Month

Wagtail is an open source content management system built on Django. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Wagtail
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-28117 PyPI MEDIUM PATCH This Month

Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Sentry Software Development Kit
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-1306 HIGH POC This Week

An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Code Injection Insightappsec Insightcloudsec
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-27482 CRITICAL POC THREAT Act Now

homeassistant is an open source home automation tool. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Authentication Bypass Docker Home Assistant Supervisor
NVD GitHub
CVSS 3.1
10.0
EPSS
72.0%
CVE-2023-27476 PyPI HIGH PATCH This Week

OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Python XXE Owslib
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27479 Maven CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
9.9
EPSS
1.1%
CVE-2023-26052 PyPI MEDIUM PATCH This Month

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Saleor
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-26051 PyPI MEDIUM PATCH This Month

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Python Saleor
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-26477 Maven CRITICAL POC PATCH THREAT Act Now

XWiki Platform is a generic wiki platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
9.8
EPSS
74.8%
CVE-2023-25823 PyPI CRITICAL PATCH Act Now

Gradio is an open-source Python library to build machine learning and data science demos and web applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Authentication Bypass Gradio
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-25657 PyPI CRITICAL PATCH Act Now

Nautobot is a Network Source of Truth and Network Automation Platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Nautobot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-24329 HIGH POC PATCH THREAT This Week

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Authentication Bypass Fedora Active Iq Unified Manager Management Services For Element Software +2
NVD GitHub
CVSS 3.1
7.5
EPSS
20.5%
CVE-2023-24580 PyPI HIGH PATCH This Week

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Django Debian Linux
NVD
CVSS 3.1
7.5
EPSS
62.6%
CVE-2023-25577 PyPI HIGH PATCH This Week

Werkzeug is a comprehensive WSGI web application library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Werkzeug
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-24816 PyPI HIGH POC PATCH This Week

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available.

Python Command Injection Microsoft Ipython
NVD GitHub
CVSS 3.1
7.0
EPSS
1.3%
CVE-2023-23931 PyPI MEDIUM POC PATCH This Month

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Cryptography
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-23969 PyPI HIGH PATCH This Week

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Django Debian Linux
NVD
CVSS 3.1
7.5
EPSS
47.1%
CVE-2023-24622 PyPI MEDIUM POC PATCH This Month

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Python Safeurl Python
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-23608 PyPI MEDIUM POC PATCH This Month

Spotipy is a light weight Python library for the Spotify Web API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Python Spotipy
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-46179 HIGH POC PATCH This Week

LiuOS is a small Python project meant to imitate the functions of a regular operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Python Authentication Bypass Liuos
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-40899 PyPI HIGH POC PATCH This Week

An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Python Future
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-40898 PyPI HIGH POC PATCH This Week

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Wheel
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2022-40897 PyPI MEDIUM POC PATCH This Month

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Python Denial Of Service Setuptools
NVD GitHub
CVSS 3.1
5.9
EPSS
2.6%
CVE-2022-4595 MEDIUM PATCH This Month

A vulnerability classified as problematic has been found in django-openipam. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python XSS Django Openipam
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4526 PyPI MEDIUM PATCH This Month

A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python XSS Django Photologue
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-23485 PyPI LOW PATCH Monitor

Sentry is an error tracking and performance monitoring platform. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Python Privilege Escalation Sentry
NVD GitHub
CVSS 3.1
3.7
EPSS
0.4%
CVE-2022-44900 PyPI CRITICAL POC PATCH Act Now

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Python Py7Zr
NVD GitHub
CVSS 3.1
9.1
EPSS
2.2%
CVE-2022-23472 PyPI HIGH PATCH This Week

Passeo is an open source python password generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Passeo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-22984 npm MEDIUM POC PATCH This Month

The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Docker Python Command Injection Snyk Cli Snyk Cocoapods Cli +6
NVD GitHub
CVSS 3.1
6.3
EPSS
3.0%
CVE-2022-41934 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-41931 Maven HIGH POC PATCH This Week

xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-27896 HIGH This Week

Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Foundry Code Workbooks
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41607 HIGH PATCH This Week

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Remote Access Server Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-43754 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Java XSS Manager Server Uyuni
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-43753 MEDIUM POC This Month

A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java Python Tomcat Manager Server +1
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-31255 MEDIUM This Month

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java Python Tomcat Manager Server +1
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-42965 PyPI HIGH POC PATCH This Week

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Snowflake Connector
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-45061 HIGH POC This Week

An issue was discovered in Python before 3.11.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Fedora Active Iq Unified Manager E Series Performance Analyzer +5
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-44054 CRITICAL Act Now

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Xml
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44053 CRITICAL Act Now

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Networking
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-44052 CRITICAL Act Now

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Dates
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44051 CRITICAL Act Now

The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Stats
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44050 CRITICAL Act Now

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Networking
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44049 CRITICAL Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44048 CRITICAL Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-43306 HIGH This Week

The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Timer
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-43305 CRITICAL Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-43304 CRITICAL Act Now

The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Timer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-43303 CRITICAL Act Now

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Strings
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-42919 HIGH This Week

Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Python RCE Privilege Escalation Deserialization Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-33684 PyPI HIGH POC PATCH This Week

The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Apache Information Disclosure Python Pulsar
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-37454 LIB CRITICAL POC PATCH Act Now

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow RCE Extended Keccak Code Package Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2022-42969 PyPI HIGH POC This Week

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Py
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-41323 PyPI HIGH PATCH This Week

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Django
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2022-42044 PyPI CRITICAL POC Act Now

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Asns
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42043 PyPI CRITICAL POC Act Now

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Xml
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42042 PyPI CRITICAL POC Act Now

The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Networking
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42041 PyPI CRITICAL POC Act Now

The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S File System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42040 PyPI CRITICAL POC Act Now

The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Algorithms
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2022-42039 PyPI CRITICAL POC Act Now

The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Lists
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42038 CRITICAL POC Act Now

The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Ip Addresses
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42037 PyPI CRITICAL POC Act Now

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Asns
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42036 PyPI CRITICAL POC Act Now

The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41387 PyPI CRITICAL POC Act Now

The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Pdfs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41386 PyPI CRITICAL POC Act Now

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Utility
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41385 PyPI CRITICAL POC Act Now

The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Html
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41384 PyPI CRITICAL POC Act Now

The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Domains
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41383 PyPI CRITICAL POC Act Now

The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Archives
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41382 PyPI CRITICAL POC Act Now

The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Json
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41381 PyPI CRITICAL POC Act Now

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Utility
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41380 PyPI CRITICAL POC Act Now

The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Yaml
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42731 PyPI HIGH POC PATCH This Week

mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Django Mfa2
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
EPSS 66% CVSS 8.8
HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
EPSS 0% 4.6 CVSS 5.3
MEDIUM POC This Month

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Authentication Bypass Fedora +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

sqlparse is a non-validating SQL parser module for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Sqlparse +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection +1
NVD GitHub
EPSS 76% CVSS 8.8
HIGH POC PATCH THREAT This Week

XWiki Commons are technical libraries common to several other top level XWiki projects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Commons are technical libraries common to several other top level XWiki projects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Commons are technical libraries common to several other top level XWiki projects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Commons are technical libraries common to several other top level XWiki projects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Commons are technical libraries common to several other top level XWiki projects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Commons are technical libraries common to several other top level XWiki projects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Flask Appbuilder
NVD GitHub
EPSS 40% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Python Langchain
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

Wagtail is an open source content management system built on Django. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Wagtail
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Wagtail is an open source content management system built on Django. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Wagtail
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Sentry Software Development Kit
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Code Injection +2
NVD
EPSS 72% CVSS 10.0
CRITICAL POC THREAT Act Now

homeassistant is an open source home automation tool. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Authentication Bypass Docker +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Python XXE Owslib
NVD GitHub
EPSS 1% CVSS 9.9
CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Saleor
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Python Saleor
NVD GitHub
EPSS 75% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

XWiki Platform is a generic wiki platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Python Code Injection +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Gradio is an open-source Python library to build machine learning and data science demos and web applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Authentication Bypass Gradio
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Nautobot is a Network Source of Truth and Network Automation Platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection +1
NVD GitHub
EPSS 20% CVSS 7.5
HIGH POC PATCH THREAT This Week

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Authentication Bypass Fedora +4
NVD GitHub
EPSS 63% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Django +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Werkzeug is a comprehensive WSGI web application library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Werkzeug
NVD GitHub
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available.

Python Command Injection Microsoft +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Cryptography
NVD GitHub
EPSS 47% CVSS 7.5
HIGH PATCH This Week

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Django +1
NVD
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Python Safeurl Python
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Spotipy is a light weight Python library for the Spotify Web API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Python Spotipy
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

LiuOS is a small Python project meant to imitate the functions of a regular operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Python Authentication Bypass Liuos
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Python Future
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Wheel
NVD GitHub
EPSS 3% CVSS 5.9
MEDIUM POC PATCH This Month

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Python Denial Of Service Setuptools
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A vulnerability classified as problematic has been found in django-openipam. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python XSS Django Openipam
NVD GitHub VulDB
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python XSS Django Photologue
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Sentry is an error tracking and performance monitoring platform. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Python Privilege Escalation Sentry
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL POC PATCH Act Now

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Python Py7Zr
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Passeo is an open source python password generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Passeo
NVD GitHub
EPSS 3% CVSS 6.3
MEDIUM POC PATCH This Month

The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Docker Python Command Injection +8
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python RCE Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python RCE Code Injection +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Foundry Code Workbooks
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Remote Access Server Firmware
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Java XSS +2
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java Python +3
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java Python +3
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Snowflake Connector
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered in Python before 3.11.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Fedora +7
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Python RCE Privilege Escalation +2
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Apache Information Disclosure Python +1
NVD
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow RCE +8
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Py
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Django
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Asns
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Xml
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Networking
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S File System
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Algorithms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Lists
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Ip Addresses
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Asns
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Urls
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Pdfs
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Utility
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Html
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Domains
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Archives
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Json
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Utility
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Yaml
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Django Mfa2
NVD GitHub
Prev Page 17 of 25 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy