Skip to main content

Python

2173 CVEs product

Monthly

CVE-2022-39280 PyPI HIGH PATCH This Week

dparse is a parser for Python dependency files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Dependency Parser
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-39254 PyPI MEDIUM PATCH This Month

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Python Matrix Nio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-39227 PyPI CRITICAL PATCH Act Now

python-jwt is a module for generating and verifying JSON Web Tokens. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Python Python Jwt
NVD GitHub
CVSS 3.1
9.1
EPSS
3.7%
CVE-2022-1941 PyPI HIGH PATCH This Week

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service Protobuf Cpp Protobuf Python Fedora +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-28802 CRITICAL Act Now

Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Privilege Escalation Code By Zapier
NVD
CVSS 3.1
9.9
EPSS
1.0%
CVE-2022-40812 CRITICAL Act Now

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Democritus Pdfs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40810 CRITICAL Act Now

The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Democritus Ip Addresses
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40809 CRITICAL Act Now

The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Democritus Dicts
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40432 CRITICAL POC Act Now

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Strings
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40431 CRITICAL POC Act Now

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Pdfs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40430 CRITICAL POC Act Now

The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Utility
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40429 CRITICAL POC Act Now

The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Ip Addresses
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40428 CRITICAL POC Act Now

The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Mpeg
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40426 CRITICAL POC Act Now

The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Asns
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40425 CRITICAL POC Act Now

The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Html
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38887 CRITICAL POC Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38886 CRITICAL POC Act Now

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Xml
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38885 CRITICAL POC Act Now

The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Netstrings
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38884 CRITICAL POC Act Now

The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Grammars
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38883 CRITICAL POC Act Now

The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Math
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38882 CRITICAL POC Act Now

The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Json
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38881 CRITICAL POC Act Now

The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Archives
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40811 CRITICAL POC Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40808 CRITICAL POC Act Now

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Dates
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40807 CRITICAL POC Act Now

The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Domains
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40806 CRITICAL POC Act Now

The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Uuids
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40805 CRITICAL POC Act Now

The d8s-urls for python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Democritus Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40427 CRITICAL POC Act Now

The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Domains
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40424 CRITICAL POC Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Democritus Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38880 CRITICAL POC Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-36027 PyPI HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-36087 PyPI MEDIUM POC PATCH This Month

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Oauthlib Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-36100 Maven HIGH POC PATCH THREAT This Week

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
73.6%
CVE-2022-36099 Maven HIGH POC PATCH THREAT This Week

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
75.9%
CVE-2022-36070 PyPI HIGH PATCH This Week

Poetry is a dependency manager for Python. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Python RCE Poetry
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2022-36069 PyPI HIGH POC PATCH This Week

Poetry is a dependency manager for Python. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Command Injection Code Injection Poetry
NVD GitHub
CVSS 3.1
7.3
EPSS
1.4%
CVE-2022-36065 HIGH PATCH This Week

GrowthBook is an open-source platform for feature flagging and A/B testing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Google Python Path Traversal RCE Growthbook
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-36040 HIGH PATCH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Python Buffer Overflow Rizin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-30298 HIGH This Week

An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Python Privilege Escalation Fortisoar
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2996 PyPI HIGH PATCH This Week

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Python Python Scciclient Debian Linux
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2022-0718 PyPI MEDIUM POC PATCH This Month

A flaw was found in python-oslo-utils. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python Oslo Utils Openshift Container Platform Openstack Platform +1
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2022-28696 HIGH PATCH This Week

Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Python Intel Privilege Escalation Distribution For Python
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-36024 PyPI MEDIUM PATCH This Month

py-cord is a an API wrapper for Discord written in Python. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Python Pycord
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-2634 CRITICAL Act Now

An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Privilege Escalation Connectport X2D Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36359 PyPI HIGH PATCH This Week

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Python Django Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-35920 PyPI HIGH POC PATCH This Week

Sanic is an opensource python web server/framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Sanic
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35918 PyPI MEDIUM PATCH This Month

Streamlit is a data oriented application development framework for python. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Streamlit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-31177 PyPI LOW PATCH Monitor

Flask-AppBuilder is an application development framework built on top of Flask python framework. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Python Flask Appbuilder
NVD GitHub
CVSS 3.1
2.7
EPSS
0.6%
CVE-2022-33977 PyPI HIGH PATCH This Week

untangle is a python library to convert XML data to python objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Untangle
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-31471 PyPI HIGH PATCH This Week

untangle is a python library to convert XML data to python objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Python Untangle
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-35873 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Python Ignition
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-35871 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Python Ignition
NVD
CVSS 3.1
7.8
EPSS
39.2%
CVE-2022-35861 HIGH PATCH This Week

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Pyenv
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36126 HIGH POC This Week

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Python Ignition
NVD GitHub
CVSS 3.1
7.2
EPSS
2.5%
CVE-2022-25303 PyPI MEDIUM PATCH This Month

The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via the query string parameter q. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Python Whoogle Search
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-36667 HIGH POC PATCH This Week

Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Python Apple Insync Client
NVD VulDB
CVSS 3.1
7.8
EPSS
1.8%
CVE-2022-31588 CRITICAL POC Act Now

The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Testplatform
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31587 CRITICAL POC Act Now

The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Kg Fashion Chatbot
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31586 CRITICAL POC Act Now

The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Changepop Back
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31585 CRITICAL POC Act Now

The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Home Internet
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31584 CRITICAL POC Act Now

The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal S3Label
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31583 CRITICAL POC Act Now

The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Automatedquizeval
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31582 CRITICAL POC Act Now

The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Videoserver
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31581 CRITICAL POC Act Now

The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Openmf
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31580 CRITICAL POC Act Now

The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Caretakerr Api
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31579 CRITICAL Act Now

The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Iasset
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31578 HIGH POC This Week

The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Bt Lnmp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-31577 CRITICAL Act Now

The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Audio Aligner App
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31576 CRITICAL POC Act Now

The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Shackerpanel
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31575 CRITICAL POC Act Now

The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Livro Python
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31574 CRITICAL POC Act Now

The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Realestate
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31573 PyPI CRITICAL POC Act Now

The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Chainerrl Visualizer
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31572 CRITICAL POC Act Now

The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Cockybook
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31571 CRITICAL POC Act Now

The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Python Flask Restful Api
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31570 CRITICAL Act Now

The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Ceneo Web Scrapper
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-31568 CRITICAL POC Act Now

The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Rex Web
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31567 CRITICAL POC Act Now

The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Data Stream Algorithm Benchmark
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31566 HIGH This Week

The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Data Stream Algorithm Benchmark
NVD GitHub
CVSS 3.1
8.6
EPSS
1.1%
CVE-2022-31565 CRITICAL Act Now

The yogson/syrabond repository through 2020-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Syrabond
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31564 CRITICAL PATCH Act Now

The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Path Traversal Munhak Moa
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31563 CRITICAL Act Now

The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Vprj
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31562 CRITICAL Act Now

The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Internshipsystem
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31561 CRITICAL Act Now

The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Sphere Imagebackend
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31560 CRITICAL Act Now

The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Photo Tag
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31559 CRITICAL Act Now

The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Flask Yeoman
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31558 PyPI CRITICAL Act Now

The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Shiva Server
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31557 CRITICAL Act Now

The seveas/golem repository through 2016-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Golem
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31556 CRITICAL POC Act Now

The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Trainenergyserver
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31555 CRITICAL POC Act Now

The romain20100/nursequest repository through 2018-02-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Nurse Quest
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31554 CRITICAL POC Act Now

The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Movie Review Sentiment Analysis
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

dparse is a parser for Python dependency files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Dependency Parser
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Python Matrix Nio
NVD GitHub
EPSS 4% CVSS 9.1
CRITICAL PATCH Act Now

python-jwt is a module for generating and verifying JSON Web Tokens. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Python Python Jwt
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service Protobuf Cpp +3
NVD GitHub
EPSS 1% CVSS 9.9
CRITICAL Act Now

Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Privilege Escalation Code By Zapier
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Democritus Pdfs
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Democritus Ip Addresses
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Democritus Dicts
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Strings
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Pdfs
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Utility
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Ip Addresses
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Mpeg
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Asns
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Html
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Python
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Xml
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Netstrings
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Grammars
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Math
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Json
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Archives
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Urls
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Dates
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Domains
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Uuids
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-urls for python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Democritus Urls
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Domains
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Democritus Urls
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Urls
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Tensorflow
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Oauthlib +1
NVD GitHub
EPSS 74% CVSS 8.8
HIGH POC PATCH THREAT This Week

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection +1
NVD GitHub
EPSS 76% CVSS 8.8
HIGH POC PATCH THREAT This Week

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection +1
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Poetry is a dependency manager for Python. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Python RCE +1
NVD GitHub
EPSS 1% CVSS 7.3
HIGH POC PATCH This Week

Poetry is a dependency manager for Python. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Command Injection +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

GrowthBook is an open-source platform for feature flagging and A/B testing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Google Python Path Traversal +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Python Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Python Privilege Escalation +1
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Python Python Scciclient +1
NVD
EPSS 1% CVSS 4.9
MEDIUM POC PATCH This Month

A flaw was found in python-oslo-utils. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python Oslo Utils +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Python Intel Privilege Escalation +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

py-cord is a an API wrapper for Discord written in Python. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Python Pycord
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Privilege Escalation Connectport X2D Firmware
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Python Django +1
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Sanic is an opensource python web server/framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Sanic
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Streamlit is a data oriented application development framework for python. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Streamlit
NVD GitHub
EPSS 1% CVSS 2.7
LOW PATCH Monitor

Flask-AppBuilder is an application development framework built on top of Flask python framework. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Python Flask Appbuilder
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

untangle is a python library to convert XML data to python objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Untangle
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

untangle is a python library to convert XML data to python objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Python Untangle
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Python Ignition
NVD
EPSS 39% CVSS 7.8
HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Python +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Pyenv
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Python +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via the query string parameter q. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Python Whoogle Search
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Python Apple +1
NVD VulDB
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Testplatform
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Kg Fashion Chatbot
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Changepop Back
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Home Internet
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal S3Label
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Automatedquizeval
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Videoserver
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Openmf
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Caretakerr Api
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL Act Now

The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Iasset
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Bt Lnmp
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL Act Now

The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Audio Aligner App
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Shackerpanel
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Livro Python
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Realestate
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Chainerrl Visualizer
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Cockybook
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Python Flask Restful Api
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Ceneo Web Scrapper
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Rex Web
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Data Stream Algorithm Benchmark
NVD GitHub
EPSS 1% CVSS 8.6
HIGH This Week

The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Data Stream Algorithm Benchmark
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL Act Now

The yogson/syrabond repository through 2020-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Syrabond
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Path Traversal Munhak Moa
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL Act Now

The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Vprj
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL Act Now

The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Internshipsystem
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL Act Now

The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Sphere Imagebackend
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL Act Now

The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Photo Tag
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL Act Now

The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Flask Yeoman
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL Act Now

The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Shiva Server
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL Act Now

The seveas/golem repository through 2016-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Golem
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Trainenergyserver
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The romain20100/nursequest repository through 2018-02-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Nurse Quest
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Movie Review Sentiment Analysis
NVD GitHub
Prev Page 18 of 25 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy