Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python 3.0.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE_2022_40684
Official Writeup - Simple CTF 2.0 Created: April 23, 2024 7:50 PM Today I completed an other room on TryHackMe with a simple file-upload vulnerability which I built. I have tried for dancing around this whole CTF machine and getting a lot of walls of challenges in the end it co...
1 Github repository
7.5
CVSSv3
CVE-2023-46136
Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is perform...
Palletsprojects Werkzeug 3.0.0
Palletsprojects Werkzeug
1 Github repository
7.8
CVSSv3
CVE-2021-4007
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll,&...
Rapid7 Insight Agent
9.8
CVSSv3
CVE-2019-19844
Django prior to 1.11.27, 2.x prior to 2.2.9, and 3.x prior to 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an malicious user to be sent a passwo...
Djangoproject Django
Djangoproject Django 3.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
7 Github repositories
7.8
CVSSv3
CVE-2018-6353
The Python console in Electrum up to and including 2.9.4 and 3.x up to and including 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attac...
Electrum Electrum 3.0.3
Electrum Electrum
Electrum Electrum 3.0.5
Electrum Electrum 3.0.0
Electrum Electrum 3.0.1
Electrum Electrum 3.0.2
6.1
CVSSv3
CVE-2016-5699
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) prior to 2.7.10 and 3.x prior to 3.4.4 allows remote malicious users to inject arbitrary HTTP headers via CRLF sequences in a URL.
Python Python
Python Python 3.1.1
Python Python 3.3.2
Python Python 3.0
Python Python 3.0.1
Python Python 3.2.2
Python Python 3.1.0
Python Python 3.2.5
Python Python 3.1.5
Python Python 3.3.6
Python Python 3.4.0
Python Python 3.2.1
Python Python 3.2.0
Python Python 3.3.1
Python Python 3.4.3
Python Python 3.1.2
Python Python 3.3.4
Python Python 3.3.5
Python Python 3.2.3
Python Python 3.2.6
Python Python 3.3.0
Python Python 3.4.2
3 Github repositories
NA
CVE-2012-5487
The sandbox whitelisting function (allowmodule.py) in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Plone Plone 1.0
Plone Plone 1.0.1
Plone Plone 1.0.2
Plone Plone 2.1.2
Plone Plone 2.1.3
Plone Plone 2.1.4
Plone Plone 2.5
Plone Plone 3.1.1
Plone Plone 3.1.2
Plone Plone 3.1.3
Plone Plone 3.1.4
Plone Plone 4.0
Plone Plone 4.0.1
Plone Plone 4.0.2
Plone Plone 4.0.3
Plone Plone 4.2
Plone Plone 4.2.0.1
Plone Plone 4.2.1.1
Plone Plone 4.2.1
Plone Plone 2.0
Plone Plone 2.0.1
Plone Plone 2.0.2
NA
CVE-2012-5495
python_scripts.py in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote malicious users to execute Python code via a crafted URL, related to "go_back."
Plone Plone 4.2
Plone Plone 3.3.3
Plone Plone 3.3.2
Plone Plone 3.3.1
Plone Plone 3.3
Plone Plone 3.0.6
Plone Plone 3.0.5
Plone Plone 3.0.4
Plone Plone 3.0.3
Plone Plone 2.1
Plone Plone 2.0.5
Plone Plone 2.0.4
Plone Plone 2.0.3
Plone Plone 4.1.6
Plone Plone 4.1.4
Plone Plone 4.0.1
Plone Plone 3.3.5
Plone Plone 3.2.2
Plone Plone 3.2
Plone Plone 3.1.3
Plone Plone 3.1.1
Plone Plone 3.0.1
NA
CVE-2012-5485
registerConfiglet.py in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote malicious users to execute Python code via unspecified vectors, related to the admin interface.
Plone Plone 3.3
Plone Plone 1.0
Plone Plone 4.2
Plone Plone 4.0.5
Plone Plone 3.0.1
Plone Plone 1.0.3
Plone Plone 3.0
Plone Plone 3.2.3
Plone Plone 3.1.4
Plone Plone 3.1.5.1
Plone Plone 4.2.0.1
Plone Plone 2.1.4
Plone Plone 4.0.2
Plone Plone 4.2.1.1
Plone Plone 3.3.5
Plone Plone 3.0.6
Plone Plone 2.5.4
Plone Plone 3.2
Plone Plone 3.1.1
Plone Plone 4.3
Plone Plone 2.1.1
Plone Plone 3.3.4
NA
CVE-2012-5488
python_scripts.py in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote malicious users to execute Python code via a crafted URL, related to createObject.
Plone Plone 3.3
Plone Plone 1.0
Plone Plone 4.2
Plone Plone 4.0.5
Plone Plone 3.0.1
Plone Plone 1.0.3
Plone Plone 3.0
Plone Plone 3.2.3
Plone Plone 3.1.4
Plone Plone 3.1.5.1
Plone Plone 4.2.0.1
Plone Plone 2.1.4
Plone Plone 4.0.2
Plone Plone 4.2.1.1
Plone Plone 3.3.5
Plone Plone 3.0.6
Plone Plone 2.5.4
Plone Plone 3.2
Plone Plone 3.1.1
Plone Plone 4.3
Plone Plone 2.1.1
Plone Plone 3.3.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »