Skip to main content

Python

2165 CVEs product

Monthly

CVE-2026-31831 HIGH PATCH This Week

Path traversal in Tautulli's /newsletter/image/images API endpoint allows unauthenticated remote attackers to read arbitrary files from the server filesystem. Tautulli, a Python-based monitoring tool for Plex Media Server, is affected in all versions prior to 2.17.0. The vulnerability carries a CVSS 4.0 score of 8.7 with network attack vector, low complexity, and no authentication required (PR:N), enabling trivial exploitation for sensitive information disclosure. No active exploitation confirmed at time of analysis, though the unauthenticated nature and public disclosure significantly elevate real-world risk.

Python Path Traversal
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-31804 MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) in Tautulli prior to version 2.17.0 allows remote attackers to forge outbound HTTP requests from the Plex Media Server process via the unauthenticated /pms_image_proxy endpoint, potentially exposing internal services on RFC-1918 address space and enabling reconnaissance or attacks against systems accessible from the Plex server's network context.

Python SSRF
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-28505 HIGH PATCH This Week

Remote code execution in Tautulli (Python-based Plex Media Server monitoring tool) versions prior to 2.17.0 allows authenticated administrators to bypass sandbox restrictions in notification templates via lambda expressions, enabling arbitrary Python code execution. The vulnerability exploits a flaw in the str_eval() sandbox implementation that only inspects outer code object names (co_names) while nested lambda code objects store attribute accesses in co_consts, evading security checks. CVSS 7.5 with high attack complexity and high privilege requirement (PR:H) indicates limited real-world risk scope, with no public exploit identified at time of analysis.

Python Code Injection RCE
NVD GitHub
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-34237 Maven MEDIUM PATCH GHSA This Month

Hardcoded wildcard CORS headers (Access-Control-Allow-Origin: *) in the Model Context Protocol Java SDK transport layer enable cross-origin session hijacking, allowing attackers to extract session IDs from victim browsers and relay authenticated requests back to internal MCP servers. The vulnerability affects the HttpServletSseServerTransportProvider and HttpServletStreamableServerTransportProvider classes in mcp-core; no public exploit code has been identified, though the attack requires user interaction (victim visiting attacker-controlled page). CVSS 6.1 reflects the combination of network-accessible vector, low attack complexity, and cross-origin impact, though practical exploitation depends on MCP server deployment architecture.

Java Cors Misconfiguration Information Disclosure Python
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-34231 PyPI MEDIUM PATCH GHSA This Month

Cross-site scripting (XSS) in the slippers Django package's {% attrs %} template tag allows unauthenticated remote attackers to inject arbitrary HTML and JavaScript by passing untrusted context variables containing quote characters and event handler attributes. The vulnerability affects templates that pass user-supplied or database-derived values to {% attrs %} without prior escaping. Vendor-released patch version 0.6.3 is available.

Python XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-33641 PyPI HIGH POC PATCH GHSA This Week

Command injection in Glances Python monitoring tool allows local authenticated users to execute arbitrary system commands via malicious configuration files. Attackers with write access to Glances configuration files can embed shell commands in backtick-enclosed strings that execute automatically during config parsing with the privileges of the Glances process. In environments where Glances runs as a system service with elevated privileges, this enables privilege escalation from low-privileged user to root. CVSS 7.8 (High) with local attack vector requiring low privileges. Public exploit code exists in the advisory. EPSS data not available, not listed in CISA KEV.

Python Command Injection Privilege Escalation Suse
NVD GitHub VulDB Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33533 PyPI HIGH PATCH GHSA This Week

Cross-origin data exfiltration in Glances XML-RPC server (glances -s) allows any website to steal complete system monitoring data including hostname, OS details, process lists with command-line arguments, and network configuration through CORS misconfiguration. The server sends Access-Control-Allow-Origin: * on all responses and processes XML-RPC POST requests with Content-Type: text/plain without validation, bypassing browser CORS preflight checks. Default deployments run unauthenticated, making all network-accessible instances immediately exploitable. No public exploit identified at time of analysis, though detailed proof-of-concept code is included in the advisory.

Cors Misconfiguration Python Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-29872 HIGH This Week

Cross-session credential leakage in awesome-llm-apps Streamlit-based GitHub MCP Agent allows unauthenticated users to retrieve previously stored API tokens and secrets from process-wide environment variables, compromising GitHub Personal Access Tokens and LLM API keys across concurrent session boundaries. The vulnerability stems from improper session isolation in a multi-user Streamlit application that persists credentials in os.environ without clearing them between user sessions, enabling attackers to escalate privileges and access private resources without authentication.

Python Information Disclosure Authentication Bypass
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-34172 PyPI HIGH PATCH GHSA This Week

Remote code execution in giskard-agents Python library (versions ≤0.3.3 and 1.0.x alpha) allows attackers to execute arbitrary system commands when user-controlled strings are passed to the ChatWorkflow.chat() method. The vulnerability stems from unsandboxed Jinja2 template rendering that enables class traversal exploitation via Python's object introspection. Patched in versions 0.3.4 (stable) and 1.0.2b1 (pre-release). Public exploit code exists demonstrating full RCE via Jinja2 object traversal to os.popen(). No active exploitation confirmed at time of analysis, though the straightforward attack vector and clear POC make this a critical priority for affected deployments.

Python RCE Ssti
NVD GitHub
CVSS 4.0
7.7
EPSS
0.4%
CVE-2026-34070 PyPI HIGH PATCH GHSA This Week

A path traversal vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Python Path Traversal Docker Kubernetes Microsoft
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-33981 PyPI HIGH PATCH GHSA This Week

changedetection.io versions up to 0.54.6 leak all server environment variables including password hashes, proxy credentials, and API keys via unrestricted jq filter expressions. Attackers with API access (default: no authentication required) can extract SALTED_PASS, PLAYWRIGHT_DRIVER_URL, HTTP_PROXY, and any secrets passed to the container by creating a watch with 'jqraw:env' as the include filter. Vendor-released patch available in version 0.54.7. No active exploitation confirmed (not in CISA KEV), but a detailed proof-of-concept exists in the GitHub advisory demonstrating full environment variable extraction in three API calls.

Docker Python Information Disclosure
NVD GitHub
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-33980 PyPI HIGH PATCH GHSA This Week

KQL injection in adx-mcp-server Python package allows authenticated attackers to execute arbitrary Kusto queries against Azure Data Explorer clusters. Three MCP tool handlers (get_table_schema, sample_table_data, get_table_details) unsafely interpolate the table_name parameter into query strings via f-strings, enabling data exfiltration from arbitrary tables, execution of management commands, and potential table drops. Vendor-released patch available (commit 0abe0ee). No public exploit identified at time of analysis, though proof-of-concept code exists in the security advisory demonstrating injection via comment-based bypass and newline-separated commands. Affects adx-mcp-server ≤ commit 48b2933.

Microsoft RCE Nosql Injection Python
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-33946 Ruby HIGH PATCH GHSA This Week

Session hijacking in the Model Context Protocol Ruby SDK (mcp gem) allows attackers to intercept Server-Sent Events streams by reusing valid session identifiers. The streamable_http_transport.rb implementation overwrites existing SSE stream objects when a duplicate session ID connects, silently disconnecting legitimate users and redirecting all tool responses and real-time data to the attacker. A proof-of-concept demonstration has been provided showing successful stream hijacking, where the attacker receives confidential tool call responses intended for the victim. Patch available per vendor advisory (release v0.9.2 per references).

Session Fixation Python Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-34036 PHP MEDIUM PATCH This Month

Dolibarr Core versions up to 22.0.4 allow authenticated users with minimal privileges to read arbitrary non-PHP files from the server via a Local File Inclusion vulnerability in /core/ajax/selectobject.php. The flaw stems from dynamic file inclusion occurring before authorization checks and a fail-open logic in the access control function, enabling exfiltration of sensitive configuration files, environment variables, and logs. Publicly available exploit code exists, and a vendor patch has been released.

PHP LFI Information Disclosure CSRF Python
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33992 PyPI CRITICAL PATCH GHSA Act Now

PyLoad download manager (version 0.5.0 and potentially earlier, distributed via pip as pyload-ng) allows authenticated users to perform Server-Side Request Forgery attacks by submitting arbitrary URLs through the /api/addPackage endpoint without validation. Attackers with valid credentials can exfiltrate cloud provider metadata from AWS EC2, DigitalOcean, Google Cloud, and Azure instances, exposing IAM credentials, SSH keys, API tokens, and internal network topology. A proof-of-concept demonstration is documented with live instance credentials, and upstream fix available (PR/commit); released patched version not independently confirmed based on GitHub commit reference b76b6d4ee5e32d2118d26afdee1d0a9e57d4bfe8.

SSRF Microsoft Python Google
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-33936 PyPI MEDIUM PATCH This Month

Denial-of-service vulnerability in python-ecdsa library allows remote attackers to crash applications parsing untrusted DER-encoded private keys through truncated or malformed DER structures. The DER parsing functions accept invalid input that declares a longer byte length than actually provided, subsequently triggering unexpected internal IndexError exceptions instead of cleanly rejecting the malformed data. Publicly available proof-of-concept code demonstrates deterministic crashes via SigningKey.from_der() on mutated DER inputs.

Python Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33530 HIGH PATCH This Week

Authenticated attackers with low-level privileges can exfiltrate sensitive database information from InvenTree open source inventory management systems prior to version 1.2.6 by abusing unvalidated filter parameters in bulk operation API endpoints. The vulnerability enables blind boolean-based data extraction through Django ORM relationship traversal, achieving high confidentiality impact with changed scope per CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N (score 7.7). No public exploit identified at time of analysis, and vendor-released patches are available in versions 1.2.6 and 1.3.0.

Python Information Disclosure
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-33152 CRITICAL PATCH Act Now

Tandoor Recipes versions prior to 2.6.0 allow unlimited brute-force password guessing attacks against any known username through API endpoints accepting BasicAuthentication headers. While Django AllAuth rate limiting protects the HTML login form (5 attempts per minute per IP), API endpoints completely bypass these controls, enabling high-speed credential stuffing with no account lockout. A proof-of-concept exploit exists and the attack is automatable per SSVC analysis, though no active exploitation is confirmed in CISA KEV.

Python Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-33153 HIGH PATCH This Week

Tandoor Recipes application versions prior to 2.6.0 expose complete database schema and access control logic through an undocumented debug parameter in the Recipe API endpoint, allowing any authenticated user to extract raw SQL queries including table structures, JOIN relationships, WHERE conditions, and multi-tenant space identifiers even in production environments with DEBUG=False. A proof-of-concept exploit is available (SSVC exploitation status: poc). The CVSS 4.0 score of 7.7 reflects network-based exploitation with no attack complexity, and SSVC indicates the vulnerability is automatable with partial technical impact.

SQLi Python
NVD GitHub
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-33149 HIGH This Week

Tandoor Recipes versions through 2.5.3 permit Host header injection attacks that enable invite link poisoning, allowing authenticated administrators with high privileges to be social-engineered into sending system-generated invite tokens to attacker-controlled servers. The Django application's default ALLOWED_HOSTS='*' configuration fails to validate HTTP Host headers, which combined with request.build_absolute_uri() usage allows manipulation of all absolute URLs including invite emails, API pagination, and OpenAPI schemas. No public exploit identified at time of analysis; CVSS 8.1 reflects network-based attack requiring high privileges and user interaction with changed scope.

Python Information Disclosure
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-33870 Maven HIGH PATCH This Week

CVE-2026-33870 is a security vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Docker RCE Python Request Smuggling
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33873 PyPI CRITICAL PATCH GHSA Act Now

Langflow's Agentic Assistant feature executes LLM-generated Python code server-side during component validation, enabling arbitrary code execution when attackers can influence model outputs. The vulnerability affects the pip package 'langflow' and exists in endpoints /assist and streaming paths that invoke exec() on dynamically generated component code. A proof-of-concept exists demonstrating the execution chain from user input through validation to code execution. Authentication requirements depend on deployment configuration, with AUTO_LOGIN=true defaults potentially widening exposure. No public exploit identified at time of analysis beyond the documented PoC, though the technical details and code references provide a complete exploitation blueprint.

Python RCE Code Injection Command Injection
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-33744 PyPI HIGH PATCH GHSA This Week

BentoML, a Python framework for ML model serving, contains a command injection vulnerability in the docker.system_packages configuration field of bentofile.yaml files. The vulnerability affects all versions supporting this feature (confirmed in version 1.4.36) and allows attackers to execute arbitrary commands during the Docker image build process (bentoml containerize). This is a high-severity supply chain risk with a CVSS score of 7.8, requiring user interaction to trigger but achieving full command execution as root during container builds.

Docker Python RCE Code Injection
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33718 PyPI HIGH PATCH GHSA This Week

A Command Injection vulnerability in OpenHands allows authenticated users to execute arbitrary commands in the agent sandbox by injecting shell metacharacters into the path parameter of the /api/conversations/{conversation_id}/git/diff API endpoint. The vulnerability affects OpenHands installations exposing this endpoint, with a CVSS score of 7.6. A patch is available via PR #13051, and while no EPSS or KEV data indicates active exploitation, the vulnerability is easily exploitable by any authenticated user.

Python Docker Command Injection
NVD GitHub
CVSS 3.1
7.6
EPSS
0.2%
CVE-2026-33529 Go LOW PATCH Monitor

An authenticated path traversal vulnerability in Zoraxy's configuration import endpoint (POST /api/conf/import) allows authenticated users to write arbitrary files outside the intended config directory by exploiting insufficient zip entry name sanitization, enabling remote code execution through malicious plugin creation. The vulnerability affects Zoraxy versions prior to 3.3.2 and has a CVSS score of 3.3 due to high privilege requirements, but poses significant real-world risk because Docker socket mapping could facilitate host takeover. A functional proof-of-concept demonstrating full RCE via entrypoint modification and plugin execution is publicly available.

Path Traversal Docker Python CSRF
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-33670 Go CRITICAL PATCH Act Now

SiYuan, a note-taking application written in Go, contains an unauthenticated directory traversal vulnerability in its /api/file/readDir endpoint. The vulnerability allows remote attackers without authentication to enumerate the entire directory structure of notebooks, configuration folders, plugins, and resource directories, which can be chained with file reading vulnerabilities for arbitrary document access. A working Python proof-of-concept exploit is publicly available, demonstrating recursive directory enumeration of data/ and conf/ directories.

Path Traversal Python Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-33669 Go CRITICAL PATCH Act Now

An unauthenticated information disclosure vulnerability exists in SiYuan note-taking application that allows remote attackers to read the content of all documents, including encrypted or access-restricted files, through two API endpoints (/api/file/readDir and /api/block/getChildBlocks). A working proof-of-concept Python exploit has been published demonstrating complete document enumeration and content retrieval. With a CVSS score of 9.8 (Critical) indicating network-based exploitation requiring no privileges or user interaction, this represents a severe confidentiality breach for all published SiYuan instances.

Information Disclosure Python Buffer Overflow Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-27889 Go HIGH PATCH This Week

A critical pre-authentication denial of service vulnerability in nats-server allows an unauthenticated remote attacker to crash the entire server process by sending a single malicious 15-byte WebSocket frame. The vulnerability affects nats-server versions 2.2.0 through 2.11.13 and 2.12.0 through 2.12.4 when WebSocket listeners are enabled. A working proof-of-concept exploit in Go has been publicly disclosed by security researcher Mistz1, demonstrating that a single TCP connection can bring down the entire NATS deployment including all connected clients, JetStream streams, and cluster routes.

Denial Of Service Integer Overflow Python
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27602 PyPI HIGH PATCH This Week

Modoboa, an open-source mail server management platform, contains a command injection vulnerability in its subprocess execution handler that allows authenticated Reseller or SuperAdmin users to execute arbitrary operating system commands. A proof-of-concept exploit exists demonstrating how shell metacharacters in domain names can achieve code execution, typically as root in standard deployments. The vulnerability affects modoboa versions up to and including 2.7.0, with patches available in version 2.7.1.

Python Command Injection OpenSSL
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-33545 PyPI MEDIUM PATCH This Month

A SQL injection vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

SQLi Denial Of Service Information Disclosure Python Apple +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33511 HIGH PATCH This Week

pyLoad versions 0.4.20 through 0.5.0b3.dev96 contain an authentication bypass vulnerability in the ClickNLoad feature's local_check decorator that allows remote attackers to spoof the HTTP Host header and access localhost-restricted endpoints without authentication. This vulnerability enables unauthenticated remote users to inject arbitrary downloads, write files to the storage directory, and execute JavaScript code with the privileges of the pyLoad process. The vulnerability has been patched in version 0.5.0b3.dev97, and exploitation appears feasible given the straightforward nature of HTTP header manipulation.

Python Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-26209 PyPI HIGH PATCH This Week

The cbor2 Python library, which implements CBOR serialization, suffers from uncontrolled recursion when decoding deeply nested CBOR structures, allowing remote attackers to trigger Denial of Service by sending crafted payloads containing approximately 100,000 nested arrays. All versions prior to 5.9.0 are affected, including both the pure Python implementation and the C extension. Attackers can crash worker processes in web servers (Gunicorn, Uvicorn) and task queues (Celery) with small malicious packets under 100KB, causing complete service outages through repeated worker crashes.

Python Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.0
7.5
EPSS
0.0%
CVE-2026-33509 PyPI HIGH PATCH This Week

Remote code execution in Python allows authenticated users with SETTINGS permission to modify the reconnect.script configuration parameter without restriction, which is then passed unsanitized to subprocess.run() enabling arbitrary command execution. The vulnerability exists due to insufficient input validation in the set_config_value() API endpoint, which only restricts the general.storage_folder setting while leaving other security-critical options like reconnect.script unprotected. An attacker with non-admin SETTINGS privileges can exploit this to achieve full system compromise on the affected Python installation.

Python RCE Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-33488 PHP HIGH This Week

The LoginControl plugin for AVideo contains a critical cryptographic weakness in its PGP-based 2FA implementation, generating 512-bit RSA keys that can be factored on commodity hardware within hours using publicly available tools. Attackers who obtain a user's public key can derive the complete private key and decrypt authentication challenges, completely bypassing the second factor protection. A proof-of-concept demonstrating key factoring and challenge decryption is included in the advisory, and unauthenticated endpoints allow anonymous CPU-intensive key generation for denial-of-service attacks.

PHP Denial Of Service Python
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-33316 Go HIGH PATCH This Week

Vikunja task management application contains an authentication bypass vulnerability in its password reset logic that allows disabled user accounts to be reactivated without authorization. The ResetPassword() function unconditionally sets user status to 'Active' after password reset completion, enabling disabled users to regain full access by requesting a password reset token and completing the reset process. A working proof-of-concept Python script is publicly available demonstrating automated exploitation of this vulnerability.

Python Authentication Bypass Suse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-32889 PyPI MEDIUM PATCH This Month

A non-terminating loop denial-of-service vulnerability exists in tinytag version 2.2.0, a Python library for reading audio file metadata. An attacker can supply a malicious MP3 file containing a crafted ID3v2 SYLT (synchronized lyrics) frame that causes the parsing operation to enter an infinite loop, consuming CPU resources until the worker process is terminated. The vulnerability affects server-side deployments that automatically parse user-supplied files, and has been patched in version 2.2.1.

Python Denial Of Service
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32808 HIGH PATCH This Week

pyLoad, a free and open-source download manager written in Python, contains a path traversal vulnerability in versions before 0.5.0b3.dev97 that allows arbitrary file deletion outside the extraction directory during password verification of encrypted 7z archives with non-encrypted headers. Attackers can exploit this vulnerability remotely with low complexity, requiring only user interaction, to delete arbitrary files on the system. This is assigned CVE-2026-32808 with a CVSS score of 8.1 (High severity), though no active exploitation (KEV) or public proof-of-concept has been reported at this time.

Path Traversal Python
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-32711 PyPI HIGH PATCH This Week

Path traversal in pydicom versions 2.0.0-rc.1 through 3.0.1 allows local attackers to read, copy, or delete arbitrary files outside the File-set root directory by crafting malicious ReferencedFileID values in DICOMDIR files. The vulnerability exists because pydicom fails to validate that resolved file paths remain within the intended File-set root before performing file I/O operations like copy(), write(), and remove(). No patch is currently available for affected versions.

Python Path Traversal Suse
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33314 PyPI MEDIUM PATCH This Month

A Host Header Spoofing vulnerability in the @local_check decorator of pyload-ng allows unauthenticated external attackers to bypass local-only IP address restrictions on the Click'N'Load API endpoints by sending a crafted HTTP Host header. This authentication bypass enables remote attackers to queue arbitrary downloads on the affected pyload instance, leading to Server-Side Request Forgery (SSRF) attacks against internal or external systems and Denial of Service through resource exhaustion. A proof-of-concept exploit exists in the form of a simple curl command that demonstrates immediate exploitability without user interaction.

Authentication Bypass Denial Of Service Python SSRF
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33309 PyPI CRITICAL POC PATCH GHSA Act Now

An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrary files anywhere on the host system, leading to remote code execution. The vulnerability affects Langflow version 1.7.3 and earlier, where the multipart upload filename bypasses security checks due to missing boundary containment in the LocalStorageService layer. A proof-of-concept exploit is publicly available demonstrating successful arbitrary file write outside the intended user directory.

RCE Python Docker Path Traversal Canonical
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-33297 PHP CRITICAL Act Now

The CustomizeUser plugin in PHP and Python allows attackers to bypass channel-level access control by exploiting improper password validation in the setPassword.json.php endpoint. An administrator-level attacker can set any user's channel password to zero due to type coercion of non-numeric characters, enabling trivial authentication bypass for any visitor. No patch is currently available for this critical vulnerability.

PHP Authentication Bypass Privilege Escalation Python
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-33296 PHP MEDIUM This Month

WWBN/AVideo fails to properly validate the redirectUri parameter in its login flow, allowing attackers to craft malicious URLs that redirect authenticated users to attacker-controlled sites after successful login. The vulnerability stems from insufficient encoding of user input before it is embedded into JavaScript code that executes a redirect via document.location. An attacker can exploit this open redirect to perform phishing attacks or distribute malware by tricking users into clicking a login link with an attacker-controlled redirect destination.

PHP Python Open Redirect
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-33295 PHP MEDIUM This Month

Stored cross-site scripting in the WWBN/AVideo CDN plugin allows authenticated attackers to inject malicious JavaScript through improperly sanitized video titles, which executes when users access download pages. An attacker with video creation or modification privileges can compromise any user viewing the affected download interface. No patch is currently available for PHP and Python implementations.

PHP XSS Python
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27953 PyPI HIGH PATCH This Week

A critical validation bypass vulnerability in the ormar Python ORM library allows attackers to completely skip all Pydantic field validation by injecting a special '__pk_only__' parameter in JSON request bodies. This affects all applications using ormar's canonical FastAPI integration pattern (where ormar models are used directly as request body parameters), enabling attackers to persist invalid data, bypass security constraints, and potentially escalate privileges. A working proof-of-concept demonstrates the vulnerability is trivially exploitable, and with a CVSS score of 7.1, it poses significant risk to affected applications.

Privilege Escalation Python Deserialization Canonical
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-33236 PyPI HIGH PATCH This Week

NLTK downloader contains a path traversal vulnerability that allows remote attackers to write arbitrary files to any location on the filesystem when a user downloads packages from a malicious server. Attackers controlling a remote XML index server can inject path traversal sequences (../) into package metadata to overwrite critical system files including /etc/passwd or SSH authorized_keys. A working proof-of-concept exploit exists demonstrating arbitrary file creation at /tmp/test_file.zip via malicious server and client script.

Python Path Traversal
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-33231 PyPI HIGH PATCH GHSA This Week

The NLTK (Natural Language Toolkit) WordNet Browser HTTP server contains an unauthenticated shutdown vulnerability that allows any remote attacker to terminate the service with a single GET request to the '/SHUTDOWN THE SERVER' endpoint. This affects users running nltk.app.wordnet_app in its default mode, where the server binds to all network interfaces without authentication. A proof-of-concept exploit is publicly available demonstrating the denial-of-service attack, though EPSS and KEV data are not yet available for this recent CVE.

CSRF Denial Of Service Docker Python Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33230 PyPI MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability exists in NLTK's WordNet Browser application (nltk.app.wordnet_app) in the lookup_... route, where attacker-controlled word parameters are reflected into HTML responses without proper escaping. This vulnerability affects users running the local WordNet Browser server and allows attackers to inject and execute arbitrary JavaScript in the browser context of the affected application. A proof-of-concept exploit has been publicly demonstrated, and a vendor patch is available.

XSS Docker Python Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-33155 PyPI HIGH PATCH GHSA This Week

Memory exhaustion in Python's pickle deserialization allows attackers to crash applications by supplying a small malicious payload that forces allocation of gigabytes of memory through unrestricted constructor arguments in whitelisted classes. Applications using `_RestrictedUnpickler` to load untrusted pickle data are vulnerable to denial of service attacks. A patch is available.

Python Denial Of Service Deserialization RCE Red Hat +1
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-33154 PyPI HIGH PATCH GHSA This Week

Dynaconf, a Python configuration management library, contains a Server-Side Template Injection (SSTI) vulnerability in its @jinja resolver that allows arbitrary command execution when attackers can control configuration sources such as environment variables, .env files, or CI/CD secrets. The vulnerability affects pip package dynaconf and includes a public proof-of-concept demonstrating command execution via Jinja2 template evaluation without sandboxing. The @format resolver additionally enables object graph traversal to expose sensitive runtime data including API keys and credentials.

RCE Code Injection Python Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33057 PyPI CRITICAL POC PATCH Act Now

An unauthenticated remote code execution vulnerability exists in the mesop Python package's debugging Flask server endpoint (/exec-py) that accepts and executes arbitrary base64-encoded Python code without any authentication or validation. The vulnerability affects the mesop pip package, with a publicly disclosed proof-of-concept demonstrating trivial exploitation requiring only a single HTTP POST request. With a CVSS score of 9.8 (Critical) and detailed PoC availability, this represents an immediately exploitable vulnerability for any exposed instance.

Command Injection Python RCE Code Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-33054 PyPI CRITICAL PATCH Act Now

A path traversal vulnerability in A Path Traversal vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems.

Microsoft Path Traversal Denial Of Service Python Windows
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-32731 npm CRITICAL PATCH Act Now

Path traversal in ApostropheCMS import-export module allows authenticated users with content modification permissions to write files outside the intended export directory via malicious archive entries containing directory traversal sequences. An attacker with editor-level access can exploit this vulnerability to overwrite arbitrary files on the system with CVSS 9.9 critical severity. No patch is currently available for this vulnerability affecting Node.js environments.

Path Traversal Node.js CSRF Denial Of Service Google +3
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-33081 Go MEDIUM PATCH This Month

PinchTab contains a Server-Side Request Forgery (SSRF) vulnerability in its /download endpoint that allows unauthenticated attackers to bypass URL validation and cause the embedded Chromium browser to make requests to internal network services. The vulnerability affects PinchTab versions 0.7.x and 0.8.x when the security.allowDownload setting is enabled (disabled by default), and exploits a validation gap where only the initial user-supplied URL is checked while subsequent browser-initiated requests (redirects, JavaScript navigations, resource fetches) bypass this protection entirely. Although the attacker cannot receive response bodies from internal services (blind SSRF), they can trigger state-changing endpoints on localhost or private network addresses reachable from the PinchTab host, with a proof-of-concept publicly available demonstrating counter increments on internal services.

Google Python SSRF Chrome Suse
NVD GitHub VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-33140 PyPI MEDIUM PATCH This Month

PySpector versions 0.1.6 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability in the HTML report generator that fails to sanitize JavaScript payloads embedded within scanned Python code. When a victim scans a malicious Python file crafted by an attacker and opens the resulting HTML report in a browser, the embedded JavaScript executes in the local file context, potentially enabling DOM manipulation, page redirects, and theft of locally accessible data. A proof-of-concept demonstrating the vulnerability has been publicly disclosed.

Python XSS
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-32875 PyPI HIGH PATCH This Week

The ujson Python library prior to version 5.12.0 contains an integer overflow/underflow vulnerability in the dumps() function that can crash the Python interpreter (segmentation fault) or cause an infinite loop, leading to denial of service. The vulnerability affects applications that allow untrusted users to control the indent parameter when serializing JSON, or that use large negative indent values with nested data structures. A proof-of-concept demonstrating both the segfault and infinite loop conditions is provided in the vulnerability disclosure, though there is no evidence of active exploitation (not in KEV).

Integer Overflow Python Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32874 PyPI HIGH PATCH This Week

ujson versions 5.4.0 through 5.11.0 contain a memory leak in JSON parsing of large integers outside the range [-2^63, 2^64 - 1], allowing remote denial of service attacks against services processing untrusted JSON input. An attacker can craft malicious JSON payloads with oversized integers to exhaust memory and crash vulnerable applications. A patch is available.

Python Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33039 PHP HIGH PATCH This Week

A Server-Side Request Forgery (SSRF) vulnerability in AVideo's LiveLinks proxy endpoint allows unauthenticated attackers to access internal services and cloud metadata by exploiting missing validation on HTTP redirect targets. The vulnerability enables attackers to bypass initial URL validation through a malicious redirect, potentially exposing AWS/GCP/Azure instance metadata including IAM credentials. A detailed proof-of-concept is available and a patch has been released by the vendor.

PHP SSRF Google Microsoft Mozilla +1
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-33017 PyPI CRITICAL POC KEV PATCH THREAT GHSA Act Now

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-33017, CVSS 9.3) in the public flow build API that allows attackers to execute arbitrary Python code by supplying malicious flow data. KEV-listed with public PoC, this vulnerability enables anyone with network access to a Langflow instance to achieve server compromise through the API that builds public flows without authentication.

RCE Python Code Injection
NVD GitHub VulDB Exploit-DB
CVSS 4.0
9.3
EPSS
0.5%
Threat
4.9
CVE-2026-30922 PyPI HIGH PATCH GHSA This Week

The pyasn1 library suffers from an uncontrolled recursion vulnerability when parsing deeply nested ASN.1 structures, allowing remote attackers to trigger a denial of service through stack exhaustion or memory consumption. Any service using pyasn1 to parse untrusted ASN.1 data (including LDAP, SNMP, Kerberos, and X.509 parsers) can be crashed remotely with a small crafted payload under 100KB. A working proof-of-concept is publicly available, and while not currently in CISA KEV, the vulnerability has a CVSS score of 7.5 indicating high severity.

Python Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-26929 PyPI MEDIUM PATCH GHSA This Month

CVE-2026-26929 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Apache Python Authentication Bypass Apache Airflow
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-4308 LOW POC Monitor

A Server-Side Request Forgery (SSRF) vulnerability exists in frdel/agent-zero version 0.9.7 within the handle_pdf_document function of python/helpers/document_query.py. This allows authenticated remote attackers to manipulate PDF document handling to perform arbitrary server-side requests, potentially accessing internal services or exfiltrating sensitive data. A public proof-of-concept exploit is available, and the vendor has not responded to early disclosure notifications, increasing the practical risk of exploitation.

Python SSRF
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4307 LOW POC Monitor

Agent Zero 0.9.7-10's get_abs_path function in python/helpers/files.py is vulnerable to path traversal, allowing authenticated remote attackers to access files outside intended directories with limited confidentiality impact. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.

Path Traversal Python
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-32751 Go CRITICAL PATCH Act Now

SiYuan's mobile file tree fails to sanitize notebook names in WebSocket rename events, allowing authenticated users to inject arbitrary HTML and JavaScript that executes in other clients' browsers. When combined with Electron's insecure configuration (nodeIntegration enabled, contextIsolation disabled), this stored XSS escalates to remote code execution with full Node.js privileges on affected desktop and mobile clients. The vulnerability affects users with notebook rename permissions across Docker, Node.js, Python, and Apple platforms.

Docker RCE XSS Node.js Command Injection +4
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
0.4%
CVE-2026-32749 Go HIGH PATCH This Week

Path traversal in Python and Docker import endpoints allows authenticated administrators to write files to arbitrary filesystem locations by injecting directory traversal sequences in multipart upload filenames, potentially enabling remote code execution through placement of malicious files in executable paths. The vulnerability affects the POST /api/import/importSY and POST /api/import/importZipMd endpoints which fail to sanitize user-supplied filenames before constructing file write paths. No patch is currently available.

Python Docker Path Traversal Suse
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-4224 MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 6.0). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Python
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-3644 MEDIUM PATCH This Month

CVE-2026-3644 is a security vulnerability (CVSS 6.0). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Python
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.1%
CVE-2026-32722 PyPI LOW PATCH Monitor

## Summary Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping.

Python XSS
NVD GitHub VulDB
CVSS 3.1
3.6
EPSS
0.0%
CVE-2026-32634 PyPI HIGH PATCH This Week

A credential disclosure vulnerability exists in Glances monitoring tool when running in Central Browser mode with autodiscovery enabled. The vulnerability allows attackers on the same local network to steal reusable authentication credentials by advertising fake Glances services via Zeroconf, as the application trusts untrusted service names for password lookups instead of using verified IP addresses. A working proof-of-concept is included in the advisory, and the issue has a CVSS score of 8.1 indicating high severity.

Python Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-32633 PyPI CRITICAL PATCH Act Now

The Glances system monitoring tool exposes reusable authentication credentials for downstream servers through an unauthenticated API endpoint when running in Central Browser mode without password protection. This vulnerability allows any network attacker to retrieve pbkdf2-hashed passwords that can be replayed to access protected Glances servers across an entire monitored fleet. A proof-of-concept is included in the advisory demonstrating credential extraction from the /api/4/serverslist endpoint.

Python Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-32632 PyPI MEDIUM PATCH This Month

The Glances system monitoring application accepts arbitrary HTTP Host headers on its REST API and WebUI endpoints, enabling DNS rebinding attacks that bypass browser same-origin policy and expose sensitive system data. While the MCP endpoint was recently hardened with host validation, the main FastAPI application for REST/WebUI/token routes lacks equivalent TrustedHostMiddleware protection, allowing attackers to rebind attacker-controlled domains to the victim's local Glances instance and read API responses as same-origin content. A proof-of-concept is code-validated through source inspection, and a patch is available in version 4.5.2 and later.

Python RCE Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-32611 PyPI HIGH PATCH This Week

SQL injection in Python's Glances DuckDB export module allows unauthenticated remote attackers to execute arbitrary SQL commands by injecting malicious data through unparameterized table and column name interpolation in DDL statements. While INSERT values use parameterized queries, identifier names are directly embedded via f-strings, enabling attackers over the network to manipulate database structure and access sensitive monitoring data. A patch is available.

Python SQLi Suse
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-32610 PyPI HIGH PATCH This Week

A critical CORS misconfiguration in the Glances system monitoring tool's REST API allows any website to steal sensitive system information from users who visit a malicious page while having access to a Glances instance. The vulnerability affects all versions prior to 4.5.2 and enables cross-origin theft of system stats, configuration secrets, database passwords, API keys, and command-line arguments. A proof-of-concept is publicly available, though no active exploitation has been reported yet.

Python Information Disclosure Docker Cors Misconfiguration Suse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-32609 PyPI HIGH PATCH This Week

A critical information disclosure vulnerability in Glances system monitoring tool allows unauthenticated remote attackers to access sensitive configuration data including password hashes, SNMP community strings, and authentication keys through unprotected API endpoints. The vulnerability affects Glances versions prior to 4.5.2 when running in web server mode without password protection (the default configuration), and a proof-of-concept demonstrating the attack is publicly available. While not currently in CISA's Known Exploited Vulnerabilities catalog, the issue has a high CVSS score of 7.5 due to the ease of exploitation and severity of exposed secrets.

Python Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-32608 PyPI HIGH PATCH This Week

Glances monitoring system allows local attackers with limited privileges to execute arbitrary commands by injecting shell metacharacters into process or container names, which bypass command sanitization in the action execution handler. The vulnerability affects the threshold alert system that dynamically executes administrator-configured shell commands populated with runtime monitoring data. An attacker controlling a process name or container name can manipulate command parsing to break out of intended command boundaries and inject malicious commands.

Privilege Escalation Nginx Python Command Injection Docker +1
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-32596 PyPI HIGH POC PATCH GHSA This Week

Glances web server exposes its REST API without authentication by default when started with the -w flag, allowing unauthenticated remote attackers to access sensitive system information including process details that may contain credentials such as passwords and API keys. The vulnerability affects Python and Docker deployments where Glances is exposed to untrusted networks due to the server binding to 0.0.0.0 with authentication disabled by default. A patch is available to address this configuration vulnerability.

Python Docker Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28500 PyPI CRITICAL PATCH GHSA Act Now

Silent supply-chain compromise in the ONNX Python package (pip/onnx <= 1.20.1) arises because passing silent=True to onnx.hub.load() suppresses every untrusted-repository warning and confirmation prompt, letting models download and execute from any attacker-controlled GitHub repo with zero user awareness. Because the SHA256 manifest lives in the same attacker-owned repo, the integrity check is self-defeating and always validates the malicious model. There is no public exploit identified at time of analysis and EPSS is very low (0.01%), but the issue is fixed in 1.21.0rc1 and carries a vendor CVSS of 9.1.

Python Information Disclosure
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-28498 PyPI HIGH PATCH This Week

OIDC ID Token hash-binding bypass in the Authlib Python library (versions <= 1.6.8) lets attackers defeat at_hash and c_hash integrity checks by forging the JWT alg header with an unsupported value. The internal _verify_hash routine fails open-returning True when create_half_hash yields None for an unknown algorithm-so a forged token binds to an attacker-controlled access_token or authorization code. A detailed, working proof-of-concept against the real library exists; there is no public evidence of active exploitation, and EPSS is very low (0.02%). The flaw is fixed in Authlib 1.6.9.

Python RCE
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-28490 PyPI MEDIUM POC PATCH This Month

Authlib's implementation of the JWE RSA1_5 key management algorithm contains a padding oracle vulnerability that leaks decryption failures through timing and exception patterns, allowing attackers to decrypt sensitive data without the private key. The library disabled the constant-time protections provided by the underlying cryptography library and raises exceptions before tag validation completes, creating a reliable side-channel. Public exploit code exists for this vulnerability affecting Authlib users in Python and related Oracle products.

Oracle Python RCE Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27962 PyPI CRITICAL PATCH Act Now

A critical authentication bypass vulnerability in authlib's JWT signature verification allows attackers to forge arbitrary tokens by injecting their own cryptographic keys through the JWT header. The flaw affects all versions of authlib prior to 1.6.9 when applications use key resolution callbacks that can return None (common in JWKS-based authentication flows). A working proof-of-concept exists demonstrating complete authentication bypass, enabling attackers to impersonate any user or assume administrative privileges without valid credentials.

Docker Python Deserialization Jwt Attack
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-69196 PyPI HIGH PATCH This Week

Token audience confusion in the FastMCP OAuth Proxy (fastmcp < 2.14.2) lets a malicious MCP server harvest a victim's access/refresh tokens and replay them against benign MCP servers that share the same authorization server. The proxy ignores the client-supplied `resource` parameter and instead binds every token to the proxy's own `base_url`, so receiving servers cannot enforce audience validation. A working proof-of-concept environment is published, though EPSS is negligible (0.01%) and the issue is not in CISA KEV; publicly available exploit code exists.

Authentication Bypass Python
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4231 MEDIUM POC This Month

Server-side request forgery in Vanna AI versions up to 2.0.2 allows unauthenticated remote attackers to manipulate the update_sql and run_sql endpoints in the Flask component. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Python SSRF
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4230 LOW POC Monitor

SQL injection in Vanna up to version 2.0.2 allows authenticated remote attackers to execute arbitrary SQL queries through the update_sql endpoint function. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. An authenticated attacker can leverage this to read, modify, or delete database contents depending on the application's database permissions.

Python SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-32597 PyPI HIGH PATCH GHSA This Week

PyJWT versions before 2.12.0 fail to validate the 'crit' (Critical) header parameter in JSON Web Signatures (JWS), accepting tokens with unrecognized critical extensions instead of rejecting them as required by RFC 7515. This allows attackers to potentially bypass security mechanisms by injecting malicious critical extensions that the library ignores, leading to integrity compromise. With an EPSS score of only 0.01% and no KEV listing, this represents a low real-world exploitation risk despite the high CVSS score.

Information Disclosure Python Pyjwt
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31899 PyPI HIGH PATCH GHSA This Week

Denial of service vulnerability in CairoSVG (Python SVG rendering library) caused by exponential amplification through recursive <use> SVG elements without depth limits. An attacker can cause 100% CPU exhaustion indefinitely with a tiny 1,411-byte SVG file, affecting any service that processes SVG input (thumbnails, PDFs, avatars). A working proof-of-concept is publicly available, patches have been released, and while not in KEV, the vulnerability has a 7.5 CVSS score with network-based, unauthenticated exploitation.

Denial Of Service Python Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31886 Go CRITICAL PATCH Act Now

Path traversal via dagRunId in DAG execution endpoints.

Python Authentication Bypass Denial Of Service Path Traversal Docker +1
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-32274 PyPI HIGH PATCH This Week

Arbitrary file write in Black (the Python code formatter) before 26.3.1 lets an attacker who controls the value of the --python-cell-magics option place cache files at attacker-chosen filesystem locations via path traversal. The unsanitized option value is embedded directly into the computed cache filename, so a value such as '../../../tmp/pwned' escapes the cache directory and overwrites or creates files elsewhere. No public exploit is identified at time of analysis, EPSS is very low (0.02%), and the issue is not in CISA KEV; practical risk is confined to environments that feed untrusted input into Black's command-line options.

Path Traversal Python Black
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-13462 LOW PATCH Monitor

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.

Information Disclosure Python
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-28356 PyPI HIGH POC PATCH This Week

High severity vulnerability in Python multipart. The `parse_options_header()` function in `multipart.py` uses a regular expression with an *ambiguous alternation*, which can cause *exponential backtracking (ReDoS)* when parsing maliciously crafted HTTP or multipart segment headers. This can be abused for **denial of service (DoS)** attacks against web applications using this library to parse request headers or `multipart/form-data` streams.

Python Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-3962 LOW Monitor

Stored cross-site scripting (XSS) in Jcharis Machine-Learning-Web-Apps affects the Jinja2 template handler in Flask applications, allowing attackers to inject malicious scripts that execute in users' browsers. The vulnerability requires user interaction to trigger and can compromise data integrity through DOM manipulation. Public exploit code exists for this vulnerability, and the project maintainers have not yet released a patch.

XSS Python
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-32128 MEDIUM This Month

FastGPT's Python Sandbox in versions 4.14.7 and earlier allows authenticated users to bypass file write restrictions by remapping standard output to arbitrary file descriptors via fcntl, enabling unauthorized file creation and modification within the container. The vulnerability exploits a gap between static detection and seccomp filtering, where remapped stdout still satisfies the write syscall rules. An attacker with sandbox access could create or overwrite arbitrary files despite the intended file system restrictions.

Python AI / ML
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Path traversal in Tautulli's /newsletter/image/images API endpoint allows unauthenticated remote attackers to read arbitrary files from the server filesystem. Tautulli, a Python-based monitoring tool for Plex Media Server, is affected in all versions prior to 2.17.0. The vulnerability carries a CVSS 4.0 score of 8.7 with network attack vector, low complexity, and no authentication required (PR:N), enabling trivial exploitation for sensitive information disclosure. No active exploitation confirmed at time of analysis, though the unauthenticated nature and public disclosure significantly elevate real-world risk.

Python Path Traversal
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) in Tautulli prior to version 2.17.0 allows remote attackers to forge outbound HTTP requests from the Plex Media Server process via the unauthenticated /pms_image_proxy endpoint, potentially exposing internal services on RFC-1918 address space and enabling reconnaissance or attacks against systems accessible from the Plex server's network context.

Python SSRF
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Tautulli (Python-based Plex Media Server monitoring tool) versions prior to 2.17.0 allows authenticated administrators to bypass sandbox restrictions in notification templates via lambda expressions, enabling arbitrary Python code execution. The vulnerability exploits a flaw in the str_eval() sandbox implementation that only inspects outer code object names (co_names) while nested lambda code objects store attribute accesses in co_consts, evading security checks. CVSS 7.5 with high attack complexity and high privilege requirement (PR:H) indicates limited real-world risk scope, with no public exploit identified at time of analysis.

Python Code Injection RCE
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Hardcoded wildcard CORS headers (Access-Control-Allow-Origin: *) in the Model Context Protocol Java SDK transport layer enable cross-origin session hijacking, allowing attackers to extract session IDs from victim browsers and relay authenticated requests back to internal MCP servers. The vulnerability affects the HttpServletSseServerTransportProvider and HttpServletStreamableServerTransportProvider classes in mcp-core; no public exploit code has been identified, though the attack requires user interaction (victim visiting attacker-controlled page). CVSS 6.1 reflects the combination of network-accessible vector, low attack complexity, and cross-origin impact, though practical exploitation depends on MCP server deployment architecture.

Java Cors Misconfiguration Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) in the slippers Django package's {% attrs %} template tag allows unauthenticated remote attackers to inject arbitrary HTML and JavaScript by passing untrusted context variables containing quote characters and event handler attributes. The vulnerability affects templates that pass user-supplied or database-derived values to {% attrs %} without prior escaping. Vendor-released patch version 0.6.3 is available.

Python XSS
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Command injection in Glances Python monitoring tool allows local authenticated users to execute arbitrary system commands via malicious configuration files. Attackers with write access to Glances configuration files can embed shell commands in backtick-enclosed strings that execute automatically during config parsing with the privileges of the Glances process. In environments where Glances runs as a system service with elevated privileges, this enables privilege escalation from low-privileged user to root. CVSS 7.8 (High) with local attack vector requiring low privileges. Public exploit code exists in the advisory. EPSS data not available, not listed in CISA KEV.

Python Command Injection Privilege Escalation +1
NVD GitHub VulDB Exploit-DB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Cross-origin data exfiltration in Glances XML-RPC server (glances -s) allows any website to steal complete system monitoring data including hostname, OS details, process lists with command-line arguments, and network configuration through CORS misconfiguration. The server sends Access-Control-Allow-Origin: * on all responses and processes XML-RPC POST requests with Content-Type: text/plain without validation, bypassing browser CORS preflight checks. Default deployments run unauthenticated, making all network-accessible instances immediately exploitable. No public exploit identified at time of analysis, though detailed proof-of-concept code is included in the advisory.

Cors Misconfiguration Python Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH This Week

Cross-session credential leakage in awesome-llm-apps Streamlit-based GitHub MCP Agent allows unauthenticated users to retrieve previously stored API tokens and secrets from process-wide environment variables, compromising GitHub Personal Access Tokens and LLM API keys across concurrent session boundaries. The vulnerability stems from improper session isolation in a multi-user Streamlit application that persists credentials in os.environ without clearing them between user sessions, enabling attackers to escalate privileges and access private resources without authentication.

Python Information Disclosure Authentication Bypass
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Remote code execution in giskard-agents Python library (versions ≤0.3.3 and 1.0.x alpha) allows attackers to execute arbitrary system commands when user-controlled strings are passed to the ChatWorkflow.chat() method. The vulnerability stems from unsandboxed Jinja2 template rendering that enables class traversal exploitation via Python's object introspection. Patched in versions 0.3.4 (stable) and 1.0.2b1 (pre-release). Public exploit code exists demonstrating full RCE via Jinja2 object traversal to os.popen(). No active exploitation confirmed at time of analysis, though the straightforward attack vector and clear POC make this a critical priority for affected deployments.

Python RCE Ssti
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A path traversal vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Python Path Traversal Docker +2
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

changedetection.io versions up to 0.54.6 leak all server environment variables including password hashes, proxy credentials, and API keys via unrestricted jq filter expressions. Attackers with API access (default: no authentication required) can extract SALTED_PASS, PLAYWRIGHT_DRIVER_URL, HTTP_PROXY, and any secrets passed to the container by creating a watch with 'jqraw:env' as the include filter. Vendor-released patch available in version 0.54.7. No active exploitation confirmed (not in CISA KEV), but a detailed proof-of-concept exists in the GitHub advisory demonstrating full environment variable extraction in three API calls.

Docker Python Information Disclosure
NVD GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

KQL injection in adx-mcp-server Python package allows authenticated attackers to execute arbitrary Kusto queries against Azure Data Explorer clusters. Three MCP tool handlers (get_table_schema, sample_table_data, get_table_details) unsafely interpolate the table_name parameter into query strings via f-strings, enabling data exfiltration from arbitrary tables, execution of management commands, and potential table drops. Vendor-released patch available (commit 0abe0ee). No public exploit identified at time of analysis, though proof-of-concept code exists in the security advisory demonstrating injection via comment-based bypass and newline-separated commands. Affects adx-mcp-server ≤ commit 48b2933.

Microsoft RCE Nosql Injection +1
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Session hijacking in the Model Context Protocol Ruby SDK (mcp gem) allows attackers to intercept Server-Sent Events streams by reusing valid session identifiers. The streamable_http_transport.rb implementation overwrites existing SSE stream objects when a duplicate session ID connects, silently disconnecting legitimate users and redirecting all tool responses and real-time data to the attacker. A proof-of-concept demonstration has been provided showing successful stream hijacking, where the attacker receives confidential tool call responses intended for the victim. Patch available per vendor advisory (release v0.9.2 per references).

Session Fixation Python Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Dolibarr Core versions up to 22.0.4 allow authenticated users with minimal privileges to read arbitrary non-PHP files from the server via a Local File Inclusion vulnerability in /core/ajax/selectobject.php. The flaw stems from dynamic file inclusion occurring before authorization checks and a fail-open logic in the access control function, enabling exfiltration of sensitive configuration files, environment variables, and logs. Publicly available exploit code exists, and a vendor patch has been released.

PHP LFI Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

PyLoad download manager (version 0.5.0 and potentially earlier, distributed via pip as pyload-ng) allows authenticated users to perform Server-Side Request Forgery attacks by submitting arbitrary URLs through the /api/addPackage endpoint without validation. Attackers with valid credentials can exfiltrate cloud provider metadata from AWS EC2, DigitalOcean, Google Cloud, and Azure instances, exposing IAM credentials, SSH keys, API tokens, and internal network topology. A proof-of-concept demonstration is documented with live instance credentials, and upstream fix available (PR/commit); released patched version not independently confirmed based on GitHub commit reference b76b6d4ee5e32d2118d26afdee1d0a9e57d4bfe8.

SSRF Microsoft Python +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial-of-service vulnerability in python-ecdsa library allows remote attackers to crash applications parsing untrusted DER-encoded private keys through truncated or malformed DER structures. The DER parsing functions accept invalid input that declares a longer byte length than actually provided, subsequently triggering unexpected internal IndexError exceptions instead of cleanly rejecting the malformed data. Publicly available proof-of-concept code demonstrates deterministic crashes via SigningKey.from_der() on mutated DER inputs.

Python Denial Of Service Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Authenticated attackers with low-level privileges can exfiltrate sensitive database information from InvenTree open source inventory management systems prior to version 1.2.6 by abusing unvalidated filter parameters in bulk operation API endpoints. The vulnerability enables blind boolean-based data extraction through Django ORM relationship traversal, achieving high confidentiality impact with changed scope per CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N (score 7.7). No public exploit identified at time of analysis, and vendor-released patches are available in versions 1.2.6 and 1.3.0.

Python Information Disclosure
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Tandoor Recipes versions prior to 2.6.0 allow unlimited brute-force password guessing attacks against any known username through API endpoints accepting BasicAuthentication headers. While Django AllAuth rate limiting protects the HTML login form (5 attempts per minute per IP), API endpoints completely bypass these controls, enabling high-speed credential stuffing with no account lockout. A proof-of-concept exploit exists and the attack is automatable per SSVC analysis, though no active exploitation is confirmed in CISA KEV.

Python Information Disclosure
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Tandoor Recipes application versions prior to 2.6.0 expose complete database schema and access control logic through an undocumented debug parameter in the Recipe API endpoint, allowing any authenticated user to extract raw SQL queries including table structures, JOIN relationships, WHERE conditions, and multi-tenant space identifiers even in production environments with DEBUG=False. A proof-of-concept exploit is available (SSVC exploitation status: poc). The CVSS 4.0 score of 7.7 reflects network-based exploitation with no attack complexity, and SSVC indicates the vulnerability is automatable with partial technical impact.

SQLi Python
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Tandoor Recipes versions through 2.5.3 permit Host header injection attacks that enable invite link poisoning, allowing authenticated administrators with high privileges to be social-engineered into sending system-generated invite tokens to attacker-controlled servers. The Django application's default ALLOWED_HOSTS='*' configuration fails to validate HTTP Host headers, which combined with request.build_absolute_uri() usage allows manipulation of all absolute URLs including invite emails, API pagination, and OpenAPI schemas. No public exploit identified at time of analysis; CVSS 8.1 reflects network-based attack requiring high privileges and user interaction with changed scope.

Python Information Disclosure
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2026-33870 is a security vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Docker RCE Python +1
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Langflow's Agentic Assistant feature executes LLM-generated Python code server-side during component validation, enabling arbitrary code execution when attackers can influence model outputs. The vulnerability affects the pip package 'langflow' and exists in endpoints /assist and streaming paths that invoke exec() on dynamically generated component code. A proof-of-concept exists demonstrating the execution chain from user input through validation to code execution. Authentication requirements depend on deployment configuration, with AUTO_LOGIN=true defaults potentially widening exposure. No public exploit identified at time of analysis beyond the documented PoC, though the technical details and code references provide a complete exploitation blueprint.

Python RCE Code Injection +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

BentoML, a Python framework for ML model serving, contains a command injection vulnerability in the docker.system_packages configuration field of bentofile.yaml files. The vulnerability affects all versions supporting this feature (confirmed in version 1.4.36) and allows attackers to execute arbitrary commands during the Docker image build process (bentoml containerize). This is a high-severity supply chain risk with a CVSS score of 7.8, requiring user interaction to trigger but achieving full command execution as root during container builds.

Docker Python RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

A Command Injection vulnerability in OpenHands allows authenticated users to execute arbitrary commands in the agent sandbox by injecting shell metacharacters into the path parameter of the /api/conversations/{conversation_id}/git/diff API endpoint. The vulnerability affects OpenHands installations exposing this endpoint, with a CVSS score of 7.6. A patch is available via PR #13051, and while no EPSS or KEV data indicates active exploitation, the vulnerability is easily exploitable by any authenticated user.

Python Docker Command Injection
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

An authenticated path traversal vulnerability in Zoraxy's configuration import endpoint (POST /api/conf/import) allows authenticated users to write arbitrary files outside the intended config directory by exploiting insufficient zip entry name sanitization, enabling remote code execution through malicious plugin creation. The vulnerability affects Zoraxy versions prior to 3.3.2 and has a CVSS score of 3.3 due to high privilege requirements, but poses significant real-world risk because Docker socket mapping could facilitate host takeover. A functional proof-of-concept demonstrating full RCE via entrypoint modification and plugin execution is publicly available.

Path Traversal Docker Python +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

SiYuan, a note-taking application written in Go, contains an unauthenticated directory traversal vulnerability in its /api/file/readDir endpoint. The vulnerability allows remote attackers without authentication to enumerate the entire directory structure of notebooks, configuration folders, plugins, and resource directories, which can be chained with file reading vulnerabilities for arbitrary document access. A working Python proof-of-concept exploit is publicly available, demonstrating recursive directory enumeration of data/ and conf/ directories.

Path Traversal Python Suse
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

An unauthenticated information disclosure vulnerability exists in SiYuan note-taking application that allows remote attackers to read the content of all documents, including encrypted or access-restricted files, through two API endpoints (/api/file/readDir and /api/block/getChildBlocks). A working proof-of-concept Python exploit has been published demonstrating complete document enumeration and content retrieval. With a CVSS score of 9.8 (Critical) indicating network-based exploitation requiring no privileges or user interaction, this represents a severe confidentiality breach for all published SiYuan instances.

Information Disclosure Python Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A critical pre-authentication denial of service vulnerability in nats-server allows an unauthenticated remote attacker to crash the entire server process by sending a single malicious 15-byte WebSocket frame. The vulnerability affects nats-server versions 2.2.0 through 2.11.13 and 2.12.0 through 2.12.4 when WebSocket listeners are enabled. A working proof-of-concept exploit in Go has been publicly disclosed by security researcher Mistz1, demonstrating that a single TCP connection can bring down the entire NATS deployment including all connected clients, JetStream streams, and cluster routes.

Denial Of Service Integer Overflow Python
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Modoboa, an open-source mail server management platform, contains a command injection vulnerability in its subprocess execution handler that allows authenticated Reseller or SuperAdmin users to execute arbitrary operating system commands. A proof-of-concept exploit exists demonstrating how shell metacharacters in domain names can achieve code execution, typically as root in standard deployments. The vulnerability affects modoboa versions up to and including 2.7.0, with patches available in version 2.7.1.

Python Command Injection OpenSSL
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A SQL injection vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

SQLi Denial Of Service Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

pyLoad versions 0.4.20 through 0.5.0b3.dev96 contain an authentication bypass vulnerability in the ClickNLoad feature's local_check decorator that allows remote attackers to spoof the HTTP Host header and access localhost-restricted endpoints without authentication. This vulnerability enables unauthenticated remote users to inject arbitrary downloads, write files to the storage directory, and execute JavaScript code with the privileges of the pyLoad process. The vulnerability has been patched in version 0.5.0b3.dev97, and exploitation appears feasible given the straightforward nature of HTTP header manipulation.

Python Authentication Bypass
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The cbor2 Python library, which implements CBOR serialization, suffers from uncontrolled recursion when decoding deeply nested CBOR structures, allowing remote attackers to trigger Denial of Service by sending crafted payloads containing approximately 100,000 nested arrays. All versions prior to 5.9.0 are affected, including both the pure Python implementation and the C extension. Attackers can crash worker processes in web servers (Gunicorn, Uvicorn) and task queues (Celery) with small malicious packets under 100KB, causing complete service outages through repeated worker crashes.

Python Denial Of Service Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Python allows authenticated users with SETTINGS permission to modify the reconnect.script configuration parameter without restriction, which is then passed unsanitized to subprocess.run() enabling arbitrary command execution. The vulnerability exists due to insufficient input validation in the set_config_value() API endpoint, which only restricts the general.storage_folder setting while leaving other security-critical options like reconnect.script unprotected. An attacker with non-admin SETTINGS privileges can exploit this to achieve full system compromise on the affected Python installation.

Python RCE Privilege Escalation
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

The LoginControl plugin for AVideo contains a critical cryptographic weakness in its PGP-based 2FA implementation, generating 512-bit RSA keys that can be factored on commodity hardware within hours using publicly available tools. Attackers who obtain a user's public key can derive the complete private key and decrypt authentication challenges, completely bypassing the second factor protection. A proof-of-concept demonstrating key factoring and challenge decryption is included in the advisory, and unauthenticated endpoints allow anonymous CPU-intensive key generation for denial-of-service attacks.

PHP Denial Of Service Python
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Vikunja task management application contains an authentication bypass vulnerability in its password reset logic that allows disabled user accounts to be reactivated without authorization. The ResetPassword() function unconditionally sets user status to 'Active' after password reset completion, enabling disabled users to regain full access by requesting a password reset token and completing the reset process. A working proof-of-concept Python script is publicly available demonstrating automated exploitation of this vulnerability.

Python Authentication Bypass Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A non-terminating loop denial-of-service vulnerability exists in tinytag version 2.2.0, a Python library for reading audio file metadata. An attacker can supply a malicious MP3 file containing a crafted ID3v2 SYLT (synchronized lyrics) frame that causes the parsing operation to enter an infinite loop, consuming CPU resources until the worker process is terminated. The vulnerability affects server-side deployments that automatically parse user-supplied files, and has been patched in version 2.2.1.

Python Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

pyLoad, a free and open-source download manager written in Python, contains a path traversal vulnerability in versions before 0.5.0b3.dev97 that allows arbitrary file deletion outside the extraction directory during password verification of encrypted 7z archives with non-encrypted headers. Attackers can exploit this vulnerability remotely with low complexity, requiring only user interaction, to delete arbitrary files on the system. This is assigned CVE-2026-32808 with a CVSS score of 8.1 (High severity), though no active exploitation (KEV) or public proof-of-concept has been reported at this time.

Path Traversal Python
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Path traversal in pydicom versions 2.0.0-rc.1 through 3.0.1 allows local attackers to read, copy, or delete arbitrary files outside the File-set root directory by crafting malicious ReferencedFileID values in DICOMDIR files. The vulnerability exists because pydicom fails to validate that resolved file paths remain within the intended File-set root before performing file I/O operations like copy(), write(), and remove(). No patch is currently available for affected versions.

Python Path Traversal Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A Host Header Spoofing vulnerability in the @local_check decorator of pyload-ng allows unauthenticated external attackers to bypass local-only IP address restrictions on the Click'N'Load API endpoints by sending a crafted HTTP Host header. This authentication bypass enables remote attackers to queue arbitrary downloads on the affected pyload instance, leading to Server-Side Request Forgery (SSRF) attacks against internal or external systems and Denial of Service through resource exhaustion. A proof-of-concept exploit exists in the form of a simple curl command that demonstrates immediate exploitability without user interaction.

Authentication Bypass Denial Of Service Python +1
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrary files anywhere on the host system, leading to remote code execution. The vulnerability affects Langflow version 1.7.3 and earlier, where the multipart upload filename bypasses security checks due to missing boundary containment in the LocalStorageService layer. A proof-of-concept exploit is publicly available demonstrating successful arbitrary file write outside the intended user directory.

RCE Python Docker +2
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

The CustomizeUser plugin in PHP and Python allows attackers to bypass channel-level access control by exploiting improper password validation in the setPassword.json.php endpoint. An administrator-level attacker can set any user's channel password to zero due to type coercion of non-numeric characters, enabling trivial authentication bypass for any visitor. No patch is currently available for this critical vulnerability.

PHP Authentication Bypass Privilege Escalation +1
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

WWBN/AVideo fails to properly validate the redirectUri parameter in its login flow, allowing attackers to craft malicious URLs that redirect authenticated users to attacker-controlled sites after successful login. The vulnerability stems from insufficient encoding of user input before it is embedded into JavaScript code that executes a redirect via document.location. An attacker can exploit this open redirect to perform phishing attacks or distribute malware by tricking users into clicking a login link with an attacker-controlled redirect destination.

PHP Python Open Redirect
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored cross-site scripting in the WWBN/AVideo CDN plugin allows authenticated attackers to inject malicious JavaScript through improperly sanitized video titles, which executes when users access download pages. An attacker with video creation or modification privileges can compromise any user viewing the affected download interface. No patch is currently available for PHP and Python implementations.

PHP XSS Python
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A critical validation bypass vulnerability in the ormar Python ORM library allows attackers to completely skip all Pydantic field validation by injecting a special '__pk_only__' parameter in JSON request bodies. This affects all applications using ormar's canonical FastAPI integration pattern (where ormar models are used directly as request body parameters), enabling attackers to persist invalid data, bypass security constraints, and potentially escalate privileges. A working proof-of-concept demonstrates the vulnerability is trivially exploitable, and with a CVSS score of 7.1, it poses significant risk to affected applications.

Privilege Escalation Python Deserialization +1
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

NLTK downloader contains a path traversal vulnerability that allows remote attackers to write arbitrary files to any location on the filesystem when a user downloads packages from a malicious server. Attackers controlling a remote XML index server can inject path traversal sequences (../) into package metadata to overwrite critical system files including /etc/passwd or SSH authorized_keys. A working proof-of-concept exploit exists demonstrating arbitrary file creation at /tmp/test_file.zip via malicious server and client script.

Python Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The NLTK (Natural Language Toolkit) WordNet Browser HTTP server contains an unauthenticated shutdown vulnerability that allows any remote attacker to terminate the service with a single GET request to the '/SHUTDOWN THE SERVER' endpoint. This affects users running nltk.app.wordnet_app in its default mode, where the server binds to all network interfaces without authentication. A proof-of-concept exploit is publicly available demonstrating the denial-of-service attack, though EPSS and KEV data are not yet available for this recent CVE.

CSRF Denial Of Service Docker +2
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability exists in NLTK's WordNet Browser application (nltk.app.wordnet_app) in the lookup_... route, where attacker-controlled word parameters are reflected into HTML responses without proper escaping. This vulnerability affects users running the local WordNet Browser server and allows attackers to inject and execute arbitrary JavaScript in the browser context of the affected application. A proof-of-concept exploit has been publicly demonstrated, and a vendor patch is available.

XSS Docker Python +2
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Memory exhaustion in Python's pickle deserialization allows attackers to crash applications by supplying a small malicious payload that forces allocation of gigabytes of memory through unrestricted constructor arguments in whitelisted classes. Applications using `_RestrictedUnpickler` to load untrusted pickle data are vulnerable to denial of service attacks. A patch is available.

Python Denial Of Service Deserialization +3
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Dynaconf, a Python configuration management library, contains a Server-Side Template Injection (SSTI) vulnerability in its @jinja resolver that allows arbitrary command execution when attackers can control configuration sources such as environment variables, .env files, or CI/CD secrets. The vulnerability affects pip package dynaconf and includes a public proof-of-concept demonstrating command execution via Jinja2 template evaluation without sandboxing. The @format resolver additionally enables object graph traversal to expose sensitive runtime data including API keys and credentials.

RCE Code Injection Python +2
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

An unauthenticated remote code execution vulnerability exists in the mesop Python package's debugging Flask server endpoint (/exec-py) that accepts and executes arbitrary base64-encoded Python code without any authentication or validation. The vulnerability affects the mesop pip package, with a publicly disclosed proof-of-concept demonstrating trivial exploitation requiring only a single HTTP POST request. With a CVSS score of 9.8 (Critical) and detailed PoC availability, this represents an immediately exploitable vulnerability for any exposed instance.

Command Injection Python RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

A path traversal vulnerability in A Path Traversal vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems.

Microsoft Path Traversal Denial Of Service +2
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Path traversal in ApostropheCMS import-export module allows authenticated users with content modification permissions to write files outside the intended export directory via malicious archive entries containing directory traversal sequences. An attacker with editor-level access can exploit this vulnerability to overwrite arbitrary files on the system with CVSS 9.9 critical severity. No patch is currently available for this vulnerability affecting Node.js environments.

Path Traversal Node.js CSRF +5
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

PinchTab contains a Server-Side Request Forgery (SSRF) vulnerability in its /download endpoint that allows unauthenticated attackers to bypass URL validation and cause the embedded Chromium browser to make requests to internal network services. The vulnerability affects PinchTab versions 0.7.x and 0.8.x when the security.allowDownload setting is enabled (disabled by default), and exploits a validation gap where only the initial user-supplied URL is checked while subsequent browser-initiated requests (redirects, JavaScript navigations, resource fetches) bypass this protection entirely. Although the attacker cannot receive response bodies from internal services (blind SSRF), they can trigger state-changing endpoints on localhost or private network addresses reachable from the PinchTab host, with a proof-of-concept publicly available demonstrating counter increments on internal services.

Google Python SSRF +2
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

PySpector versions 0.1.6 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability in the HTML report generator that fails to sanitize JavaScript payloads embedded within scanned Python code. When a victim scans a malicious Python file crafted by an attacker and opens the resulting HTML report in a browser, the embedded JavaScript executes in the local file context, potentially enabling DOM manipulation, page redirects, and theft of locally accessible data. A proof-of-concept demonstrating the vulnerability has been publicly disclosed.

Python XSS
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The ujson Python library prior to version 5.12.0 contains an integer overflow/underflow vulnerability in the dumps() function that can crash the Python interpreter (segmentation fault) or cause an infinite loop, leading to denial of service. The vulnerability affects applications that allow untrusted users to control the indent parameter when serializing JSON, or that use large negative indent values with nested data structures. A proof-of-concept demonstrating both the segfault and infinite loop conditions is provided in the vulnerability disclosure, though there is no evidence of active exploitation (not in KEV).

Integer Overflow Python Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

ujson versions 5.4.0 through 5.11.0 contain a memory leak in JSON parsing of large integers outside the range [-2^63, 2^64 - 1], allowing remote denial of service attacks against services processing untrusted JSON input. An attacker can craft malicious JSON payloads with oversized integers to exhaust memory and crash vulnerable applications. A patch is available.

Python Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

A Server-Side Request Forgery (SSRF) vulnerability in AVideo's LiveLinks proxy endpoint allows unauthenticated attackers to access internal services and cloud metadata by exploiting missing validation on HTTP redirect targets. The vulnerability enables attackers to bypass initial URL validation through a malicious redirect, potentially exposing AWS/GCP/Azure instance metadata including IAM credentials. A detailed proof-of-concept is available and a patch has been released by the vendor.

PHP SSRF Google +3
NVD GitHub VulDB
EPSS 0% 4.9 CVSS 9.3
CRITICAL POC KEV PATCH THREAT Act Now

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-33017, CVSS 9.3) in the public flow build API that allows attackers to execute arbitrary Python code by supplying malicious flow data. KEV-listed with public PoC, this vulnerability enables anyone with network access to a Langflow instance to achieve server compromise through the API that builds public flows without authentication.

RCE Python Code Injection
NVD GitHub VulDB Exploit-DB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The pyasn1 library suffers from an uncontrolled recursion vulnerability when parsing deeply nested ASN.1 structures, allowing remote attackers to trigger a denial of service through stack exhaustion or memory consumption. Any service using pyasn1 to parse untrusted ASN.1 data (including LDAP, SNMP, Kerberos, and X.509 parsers) can be crashed remotely with a small crafted payload under 100KB. A working proof-of-concept is publicly available, and while not currently in CISA KEV, the vulnerability has a CVSS score of 7.5 indicating high severity.

Python Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

CVE-2026-26929 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Apache Python +2
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A Server-Side Request Forgery (SSRF) vulnerability exists in frdel/agent-zero version 0.9.7 within the handle_pdf_document function of python/helpers/document_query.py. This allows authenticated remote attackers to manipulate PDF document handling to perform arbitrary server-side requests, potentially accessing internal services or exfiltrating sensitive data. A public proof-of-concept exploit is available, and the vendor has not responded to early disclosure notifications, increasing the practical risk of exploitation.

Python SSRF
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Agent Zero 0.9.7-10's get_abs_path function in python/helpers/files.py is vulnerable to path traversal, allowing authenticated remote attackers to access files outside intended directories with limited confidentiality impact. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.

Path Traversal Python
NVD VulDB GitHub
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

SiYuan's mobile file tree fails to sanitize notebook names in WebSocket rename events, allowing authenticated users to inject arbitrary HTML and JavaScript that executes in other clients' browsers. When combined with Electron's insecure configuration (nodeIntegration enabled, contextIsolation disabled), this stored XSS escalates to remote code execution with full Node.js privileges on affected desktop and mobile clients. The vulnerability affects users with notebook rename permissions across Docker, Node.js, Python, and Apple platforms.

Docker RCE XSS +6
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Path traversal in Python and Docker import endpoints allows authenticated administrators to write files to arbitrary filesystem locations by injecting directory traversal sequences in multipart upload filenames, potentially enabling remote code execution through placement of malicious files in executable paths. The vulnerability affects the POST /api/import/importSY and POST /api/import/importZipMd endpoints which fail to sanitize user-supplied filenames before constructing file write paths. No patch is currently available.

Python Docker Path Traversal +1
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 6.0). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Python
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

CVE-2026-3644 is a security vulnerability (CVSS 6.0). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Python
NVD GitHub VulDB
EPSS 0% CVSS 3.6
LOW PATCH Monitor

## Summary Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping.

Python XSS
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

A credential disclosure vulnerability exists in Glances monitoring tool when running in Central Browser mode with autodiscovery enabled. The vulnerability allows attackers on the same local network to steal reusable authentication credentials by advertising fake Glances services via Zeroconf, as the application trusts untrusted service names for password lookups instead of using verified IP addresses. A working proof-of-concept is included in the advisory, and the issue has a CVSS score of 8.1 indicating high severity.

Python Information Disclosure Suse
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

The Glances system monitoring tool exposes reusable authentication credentials for downstream servers through an unauthenticated API endpoint when running in Central Browser mode without password protection. This vulnerability allows any network attacker to retrieve pbkdf2-hashed passwords that can be replayed to access protected Glances servers across an entire monitored fleet. A proof-of-concept is included in the advisory demonstrating credential extraction from the /api/4/serverslist endpoint.

Python Information Disclosure Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The Glances system monitoring application accepts arbitrary HTTP Host headers on its REST API and WebUI endpoints, enabling DNS rebinding attacks that bypass browser same-origin policy and expose sensitive system data. While the MCP endpoint was recently hardened with host validation, the main FastAPI application for REST/WebUI/token routes lacks equivalent TrustedHostMiddleware protection, allowing attackers to rebind attacker-controlled domains to the victim's local Glances instance and read API responses as same-origin content. A proof-of-concept is code-validated through source inspection, and a patch is available in version 4.5.2 and later.

Python RCE Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

SQL injection in Python's Glances DuckDB export module allows unauthenticated remote attackers to execute arbitrary SQL commands by injecting malicious data through unparameterized table and column name interpolation in DDL statements. While INSERT values use parameterized queries, identifier names are directly embedded via f-strings, enabling attackers over the network to manipulate database structure and access sensitive monitoring data. A patch is available.

Python SQLi Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

A critical CORS misconfiguration in the Glances system monitoring tool's REST API allows any website to steal sensitive system information from users who visit a malicious page while having access to a Glances instance. The vulnerability affects all versions prior to 4.5.2 and enables cross-origin theft of system stats, configuration secrets, database passwords, API keys, and command-line arguments. A proof-of-concept is publicly available, though no active exploitation has been reported yet.

Python Information Disclosure Docker +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A critical information disclosure vulnerability in Glances system monitoring tool allows unauthenticated remote attackers to access sensitive configuration data including password hashes, SNMP community strings, and authentication keys through unprotected API endpoints. The vulnerability affects Glances versions prior to 4.5.2 when running in web server mode without password protection (the default configuration), and a proof-of-concept demonstrating the attack is publicly available. While not currently in CISA's Known Exploited Vulnerabilities catalog, the issue has a high CVSS score of 7.5 due to the ease of exploitation and severity of exposed secrets.

Python Information Disclosure Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Glances monitoring system allows local attackers with limited privileges to execute arbitrary commands by injecting shell metacharacters into process or container names, which bypass command sanitization in the action execution handler. The vulnerability affects the threshold alert system that dynamically executes administrator-configured shell commands populated with runtime monitoring data. An attacker controlling a process name or container name can manipulate command parsing to break out of intended command boundaries and inject malicious commands.

Privilege Escalation Nginx Python +3
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Glances web server exposes its REST API without authentication by default when started with the -w flag, allowing unauthenticated remote attackers to access sensitive system information including process details that may contain credentials such as passwords and API keys. The vulnerability affects Python and Docker deployments where Glances is exposed to untrusted networks due to the server binding to 0.0.0.0 with authentication disabled by default. A patch is available to address this configuration vulnerability.

Python Docker Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Silent supply-chain compromise in the ONNX Python package (pip/onnx <= 1.20.1) arises because passing silent=True to onnx.hub.load() suppresses every untrusted-repository warning and confirmation prompt, letting models download and execute from any attacker-controlled GitHub repo with zero user awareness. Because the SHA256 manifest lives in the same attacker-owned repo, the integrity check is self-defeating and always validates the malicious model. There is no public exploit identified at time of analysis and EPSS is very low (0.01%), but the issue is fixed in 1.21.0rc1 and carries a vendor CVSS of 9.1.

Python Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

OIDC ID Token hash-binding bypass in the Authlib Python library (versions <= 1.6.8) lets attackers defeat at_hash and c_hash integrity checks by forging the JWT alg header with an unsupported value. The internal _verify_hash routine fails open-returning True when create_half_hash yields None for an unknown algorithm-so a forged token binds to an attacker-controlled access_token or authorization code. A detailed, working proof-of-concept against the real library exists; there is no public evidence of active exploitation, and EPSS is very low (0.02%). The flaw is fixed in Authlib 1.6.9.

Python RCE
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Authlib's implementation of the JWE RSA1_5 key management algorithm contains a padding oracle vulnerability that leaks decryption failures through timing and exception patterns, allowing attackers to decrypt sensitive data without the private key. The library disabled the constant-time protections provided by the underlying cryptography library and raises exceptions before tag validation completes, creating a reliable side-channel. Public exploit code exists for this vulnerability affecting Authlib users in Python and related Oracle products.

Oracle Python RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

A critical authentication bypass vulnerability in authlib's JWT signature verification allows attackers to forge arbitrary tokens by injecting their own cryptographic keys through the JWT header. The flaw affects all versions of authlib prior to 1.6.9 when applications use key resolution callbacks that can return None (common in JWKS-based authentication flows). A working proof-of-concept exists demonstrating complete authentication bypass, enabling attackers to impersonate any user or assume administrative privileges without valid credentials.

Docker Python Deserialization +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Token audience confusion in the FastMCP OAuth Proxy (fastmcp < 2.14.2) lets a malicious MCP server harvest a victim's access/refresh tokens and replay them against benign MCP servers that share the same authorization server. The proxy ignores the client-supplied `resource` parameter and instead binds every token to the proxy's own `base_url`, so receiving servers cannot enforce audience validation. A working proof-of-concept environment is published, though EPSS is negligible (0.01%) and the issue is not in CISA KEV; publicly available exploit code exists.

Authentication Bypass Python
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Server-side request forgery in Vanna AI versions up to 2.0.2 allows unauthenticated remote attackers to manipulate the update_sql and run_sql endpoints in the Flask component. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Python SSRF
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in Vanna up to version 2.0.2 allows authenticated remote attackers to execute arbitrary SQL queries through the update_sql endpoint function. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. An authenticated attacker can leverage this to read, modify, or delete database contents depending on the application's database permissions.

Python SQLi
NVD VulDB GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

PyJWT versions before 2.12.0 fail to validate the 'crit' (Critical) header parameter in JSON Web Signatures (JWS), accepting tokens with unrecognized critical extensions instead of rejecting them as required by RFC 7515. This allows attackers to potentially bypass security mechanisms by injecting malicious critical extensions that the library ignores, leading to integrity compromise. With an EPSS score of only 0.01% and no KEV listing, this represents a low real-world exploitation risk despite the high CVSS score.

Information Disclosure Python Pyjwt
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service vulnerability in CairoSVG (Python SVG rendering library) caused by exponential amplification through recursive <use> SVG elements without depth limits. An attacker can cause 100% CPU exhaustion indefinitely with a tiny 1,411-byte SVG file, affecting any service that processes SVG input (thumbnails, PDFs, avatars). A working proof-of-concept is publicly available, patches have been released, and while not in KEV, the vulnerability has a 7.5 CVSS score with network-based, unauthenticated exploitation.

Denial Of Service Python Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Path traversal via dagRunId in DAG execution endpoints.

Python Authentication Bypass Denial Of Service +3
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Arbitrary file write in Black (the Python code formatter) before 26.3.1 lets an attacker who controls the value of the --python-cell-magics option place cache files at attacker-chosen filesystem locations via path traversal. The unsanitized option value is embedded directly into the computed cache filename, so a value such as '../../../tmp/pwned' escapes the cache directory and overwrites or creates files elsewhere. No public exploit is identified at time of analysis, EPSS is very low (0.02%), and the issue is not in CISA KEV; practical risk is confined to environments that feed untrusted input into Black's command-line options.

Path Traversal Python Black
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW PATCH Monitor

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.

Information Disclosure Python
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

High severity vulnerability in Python multipart. The `parse_options_header()` function in `multipart.py` uses a regular expression with an *ambiguous alternation*, which can cause *exponential backtracking (ReDoS)* when parsing maliciously crafted HTTP or multipart segment headers. This can be abused for **denial of service (DoS)** attacks against web applications using this library to parse request headers or `multipart/form-data` streams.

Python Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Stored cross-site scripting (XSS) in Jcharis Machine-Learning-Web-Apps affects the Jinja2 template handler in Flask applications, allowing attackers to inject malicious scripts that execute in users' browsers. The vulnerability requires user interaction to trigger and can compromise data integrity through DOM manipulation. Public exploit code exists for this vulnerability, and the project maintainers have not yet released a patch.

XSS Python
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

FastGPT's Python Sandbox in versions 4.14.7 and earlier allows authenticated users to bypass file write restrictions by remapping standard output to arbitrary file descriptors via fcntl, enabling unauthorized file creation and modification within the container. The vulnerability exploits a gap between static detection and seccomp filtering, where remapped stdout still satisfies the write syscall rules. An attacker with sandbox access could create or overwrite arbitrary files despite the intended file system restrictions.

Python AI / ML
NVD GitHub VulDB
Prev Page 9 of 25 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy