Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2023-27482
homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or...
Home-assistant Supervisor
Home-assistant Home-assistant
9.9
CVSSv3
CVE-2023-46404
PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing.
Utoronto Pcrs
1 Github repository
9.9
CVSSv3
CVE-2023-37271
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least gener...
Zope Restrictedpython
Zope Restrictedpython 6.0
9.9
CVSSv3
CVE-2023-27479
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause ...
Xwiki Xwiki
Xwiki Xwiki 6.3
9.9
CVSSv3
CVE-2022-28802
Code by Zapier prior to 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all u...
Zapier Code By Zapier
9.9
CVSSv3
CVE-2021-33509
Plone up to and including 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
Plone Plone
9.9
CVSSv3
CVE-2020-26943
An issue exists in OpenStack blazar-dashboard prior to 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may ...
Openstack Blazar-dashboard
Openstack Blazar-dashboard 2.0.0
Openstack Blazar-dashboard 3.0.0
9.9
CVSSv3
CVE-2020-10731
A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines.
Redhat Openstack Platform 15.0
Redhat Openstack Platform 16.0
Redhat Openstack Platform 16.1
1 Article
9.8
CVSSv3
CVE-2024-23752
GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) up to and including 1.5.17 allows malicious users to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language sp...
Gabrieleventuri Pandasai
9.8
CVSSv3
CVE-2023-50423
SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
Sap Sap-xssec
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »