Skip to main content

Python

2173 CVEs product

Monthly

CVE-2022-31553 CRITICAL POC Act Now

The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Sleep Learner
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31552 CRITICAL POC Act Now

The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Anuvaad Corpus
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31551 CRITICAL POC Act Now

The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Flask Mongo Skel
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31550 CRITICAL POC Act Now

The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Python Athena Stack
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31549 CRITICAL POC PATCH Act Now

The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Helm Flask Celery
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31548 CRITICAL POC Act Now

The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Homepage
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31547 CRITICAL POC Act Now

The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Sphere
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31546 CRITICAL POC Act Now

The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Glance
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31545 CRITICAL POC Act Now

The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Modelconverter
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31544 CRITICAL POC Act Now

The meerstein/rbtm repository through 1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Robo Tom
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31543 CRITICAL POC Act Now

The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Setupbox
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31542 CRITICAL POC Act Now

The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mdweb
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31541 CRITICAL POC Act Now

The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Barry Voice Assistant
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31540 CRITICAL POC Act Now

The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Hin Eng Preprocessing
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31539 CRITICAL POC Act Now

The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Kotekan
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31538 CRITICAL POC Act Now

The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mp M08 Interface
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31537 CRITICAL POC Act Now

The jmcginty15/Solar-system-simulator repository through 2021-07-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Solar System Simulator
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31536 CRITICAL POC Act Now

The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Ytdl Sync
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31535 CRITICAL POC Act Now

The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Fishtank
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31534 CRITICAL POC Act Now

The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Pythonweb
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31533 CRITICAL POC Act Now

The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Umbral
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31532 CRITICAL POC Act Now

The dankolbman/travel_blahg repository through 2016-01-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Travel Blahg
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31531 CRITICAL POC Act Now

The dainst/cilantro repository through 0.0.4 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Cilantro
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31530 CRITICAL POC Act Now

The csm-aut/csm repository through 3.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Csm Server
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31529 CRITICAL POC Act Now

The cinemaproject/monorepo repository through 2021-03-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Monorepo
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31528 CRITICAL POC Act Now

The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Bonn Activity Maps Annotation Tool
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31527 CRITICAL POC Act Now

The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Flask File Server
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31526 CRITICAL POC Act Now

The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Thunderdocs
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31525 CRITICAL POC Act Now

The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Deep Learning Studio
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31524 CRITICAL POC Act Now

The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Pure Swagger
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31523 CRITICAL POC Act Now

The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Anakin
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31522 CRITICAL POC Act Now

The NotVinay/karaokey repository through 2019-12-11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Karaokey
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31521 CRITICAL POC Act Now

The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mosaic
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31520 CRITICAL POC Act Now

The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Logstash Management Api
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31519 CRITICAL POC Act Now

The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Windmill
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31518 CRITICAL POC Act Now

The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Python Recipe Database
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31517 CRITICAL POC Act Now

The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mercury Sample Manager
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31516 CRITICAL POC Act Now

The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Harveyzyh Python
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31515 CRITICAL POC Act Now

The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Carceresbe
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31514 CRITICAL POC Act Now

The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Fan Platform
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31513 CRITICAL POC Act Now

The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Krypton
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31512 CRITICAL POC Act Now

The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Flask Mvc
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31511 CRITICAL POC Act Now

The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Equanimity
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31510 CRITICAL POC PATCH Act Now

The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Simple Rat
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31509 CRITICAL POC Act Now

The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Usap Dc Web Submission And Dataset Search
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31508 CRITICAL POC PATCH Act Now

The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal E Voting
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31507 PyPI CRITICAL POC PATCH Act Now

The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Ganga
NVD GitHub
CVSS 3.1
9.3
EPSS
1.6%
CVE-2022-31506 PyPI CRITICAL POC PATCH Act Now

The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Opendiamond
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31505 CRITICAL POC Act Now

The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mercadoenlineaback
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31504 CRITICAL POC Act Now

The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Baiduwenkuspider Flaskweb
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31503 CRITICAL POC PATCH Act Now

The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Orchest
NVD GitHub
CVSS 3.1
9.3
EPSS
1.6%
CVE-2022-31502 CRITICAL POC PATCH Act Now

The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Wormnest
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31501 CRITICAL POC PATCH Act Now

The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Onyxforum
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31124 PyPI MEDIUM POC PATCH This Month

openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSH Python Information Disclosure Openssh Key Parser
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-31117 PyPI MEDIUM PATCH This Month

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Ultrajson Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
1.7%
CVE-2022-31116 PyPI HIGH POC PATCH This Week

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Ultrajson Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-34265 PyPI CRITICAL POC PATCH THREAT Act Now

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Python Django
NVD
CVSS 3.1
9.8
EPSS
73.3%
CVE-2022-32996 PyPI CRITICAL POC PATCH Act Now

The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Django Navbar Client
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-30885 PyPI CRITICAL POC PATCH Act Now

The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Pyesasky
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-32552 HIGH This Week

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Python Purity Fa Purity Fb
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-32151 CRITICAL Act Now

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Python Information Disclosure Splunk Cloud Platform
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-24840 PyPI CRITICAL POC PATCH Act Now

django-s3file is a lightweight file upload input for Django and Amazon S3 . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Python Path Traversal Django S3File
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-30877 PyPI CRITICAL POC Act Now

The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Keep
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-24065 PyPI CRITICAL POC PATCH Act Now

The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Python Cookiecutter Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
4.2%
CVE-2022-30034 PyPI HIGH POC PATCH This Week

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Python Flower
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
1.3%
CVE-2022-31015 PyPI MEDIUM POC PATCH This Month

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Python Information Disclosure Waitress
NVD GitHub
CVSS 3.1
5.9
EPSS
1.3%
CVE-2022-29217 PyPI HIGH PATCH This Week

PyJWT is a Python implementation of RFC 7519. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Pyjwt Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-30688 HIGH PATCH This Week

needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Python Needrestart Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-30286 HIGH POC PATCH THREAT This Week

pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Pyscript
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
13.3%
CVE-2022-30284 PyPI CRITICAL POC PATCH Act Now

In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Libnmap
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2022-24900 HIGH POC PATCH This Week

Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Piano Led Visualizer
NVD GitHub
CVSS 3.1
8.6
EPSS
8.0%
CVE-2022-24880 PyPI MEDIUM PATCH This Month

flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Python Flask Session Captcha
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-24859 PyPI MEDIUM POC PATCH This Month

PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Pypdf2 Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-24857 PyPI HIGH PATCH This Week

django-mfa3 is a library that implements multi factor authentication for the django web framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Python Django Mfa3
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-28347 PyPI CRITICAL PATCH Act Now

A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Python Django Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-28346 PyPI CRITICAL PATCH Act Now

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Python Django Debian Linux
NVD
CVSS 3.1
9.8
EPSS
18.5%
CVE-2022-27271 CRITICAL POC Act Now

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Python Inrouter 900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2022-24801 PyPI HIGH PATCH This Week

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Python Request Smuggling Twisted Debian Linux +2
NVD GitHub
CVSS 3.1
8.1
EPSS
2.8%
CVE-2022-27177 PyPI CRITICAL PATCH Act Now

A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Python Information Disclosure Consoleme
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-24776 PyPI MEDIUM PATCH This Month

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Flask Appbuilder
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-24761 PyPI HIGH PATCH This Week

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Python Request Smuggling Waitress Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-25510 PyPI HIGH POC PATCH This Week

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Python Freetakserver Ui
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-26488 HIGH This Week

In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Python Information Disclosure Active Iq Unified Manager Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
7.0
EPSS
1.4%
CVE-2022-21716 PyPI HIGH POC PATCH This Week

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Python Twisted Debian Linux Http Server +2
NVD GitHub
CVSS 3.1
7.5
EPSS
3.6%
CVE-2022-23651 PyPI MEDIUM PATCH This Month

b2-sdk-python is a python library to access cloud storage provided by backblaze. Rated medium severity (CVSS 4.7).

Python Information Disclosure B2 Python Software Development Kit
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2021-43854 PyPI HIGH POC PATCH This Week

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Nltk
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-33430 PyPI MEDIUM POC PATCH This Month

A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Python Denial Of Service Numpy
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-43837 PyPI CRITICAL POC PATCH Act Now

vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Hashicorp RCE Vault Cli
NVD GitHub
CVSS 3.1
9.1
EPSS
5.0%
CVE-2021-4007 HIGH This Week

Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Python Privilege Escalation Insight Agent
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-43818 PyPI HIGH PATCH This Week

lxml is a library for processing XML and HTML in the Python language. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Lxml Fedora Debian Linux +8
NVD GitHub
CVSS 3.1
7.1
EPSS
2.5%
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Sleep Learner
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Anuvaad Corpus
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Flask Mongo Skel
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Python Athena Stack
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC PATCH Act Now

The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Helm Flask Celery
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Homepage
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Sphere
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Glance
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Modelconverter
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The meerstein/rbtm repository through 1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Robo Tom
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Setupbox
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mdweb
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Barry Voice Assistant
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Hin Eng Preprocessing
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Kotekan
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mp M08 Interface
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The jmcginty15/Solar-system-simulator repository through 2021-07-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Solar System Simulator
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Ytdl Sync
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Fishtank
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Pythonweb
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Umbral
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The dankolbman/travel_blahg repository through 2016-01-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Travel Blahg
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The dainst/cilantro repository through 0.0.4 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Cilantro
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The csm-aut/csm repository through 3.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Csm Server
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The cinemaproject/monorepo repository through 2021-03-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Monorepo
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Bonn Activity Maps Annotation Tool
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Flask File Server
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Thunderdocs
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Deep Learning Studio
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Pure Swagger
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Anakin
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The NotVinay/karaokey repository through 2019-12-11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Karaokey
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mosaic
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Logstash Management Api
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Windmill
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Python Recipe Database
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mercury Sample Manager
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Harveyzyh Python
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Carceresbe
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Fan Platform
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Krypton
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Flask Mvc
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Equanimity
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC PATCH Act Now

The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Simple Rat
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Usap Dc Web Submission And Dataset Search
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC PATCH Act Now

The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal E Voting
NVD GitHub
EPSS 2% CVSS 9.3
CRITICAL POC PATCH Act Now

The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Ganga
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC PATCH Act Now

The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Opendiamond
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mercadoenlineaback
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Baiduwenkuspider Flaskweb
NVD GitHub
EPSS 2% CVSS 9.3
CRITICAL POC PATCH Act Now

The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Orchest
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC PATCH Act Now

The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Wormnest
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC PATCH Act Now

The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Onyxforum
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSH Python Information Disclosure +1
NVD GitHub
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Ultrajson +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Ultrajson +1
NVD GitHub
EPSS 73% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Python Django
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Django Navbar Client
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Pyesasky
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Python Purity Fa +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Python Information Disclosure +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

django-s3file is a lightweight file upload input for Django and Amazon S3 . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Python Path Traversal +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Keep
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Python Cookiecutter +1
NVD GitHub
EPSS 1% CVSS 8.6
HIGH POC PATCH This Week

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Python Flower
NVD GitHub VulDB
EPSS 1% CVSS 5.9
MEDIUM POC PATCH This Month

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Python Information Disclosure Waitress
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

PyJWT is a Python implementation of RFC 7519. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Pyjwt +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Python Needrestart +1
NVD GitHub
EPSS 13% CVSS 7.5
HIGH POC PATCH THREAT This Week

pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Pyscript
NVD GitHub Exploit-DB
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Libnmap
NVD GitHub
EPSS 8% CVSS 8.6
HIGH POC PATCH This Week

Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Piano Led Visualizer
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Python Flask Session Captcha
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Pypdf2 +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

django-mfa3 is a library that implements multi factor authentication for the django web framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Python Django Mfa3
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Python Django +1
NVD
EPSS 19% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Python Django +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Python +1
NVD GitHub
EPSS 3% CVSS 8.1
HIGH PATCH This Week

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Python Request Smuggling +4
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Python Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Flask Appbuilder
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Python Request Smuggling +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Python Freetakserver Ui
NVD GitHub
EPSS 1% CVSS 7.0
HIGH This Week

In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Python Information Disclosure +2
NVD
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Python Twisted +4
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

b2-sdk-python is a python library to access cloud storage provided by backblaze. Rated medium severity (CVSS 4.7).

Python Information Disclosure B2 Python Software Development Kit
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Nltk
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Python Denial Of Service +1
NVD GitHub
EPSS 5% CVSS 9.1
CRITICAL POC PATCH Act Now

vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Hashicorp RCE +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Python Privilege Escalation Insight Agent
NVD
EPSS 2% CVSS 7.1
HIGH PATCH This Week

lxml is a library for processing XML and HTML in the Python language. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Lxml +10
NVD GitHub
Prev Page 19 of 25 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy