python python vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-36188
An issue in langchain v.0.0.64 allows a remote malicious user to execute arbitrary code via the PALChain parameter in the Python exec method.
Langchain Langchain 0.0.64
9.8
CVSSv3
CVE-2023-36258
An issue in LangChain prior to 0.0.236 allows a malicious user to execute arbitrary code because Python code with os.system, exec, or eval can be used.
Langchain Langchain 0.0.199
9.8
CVSSv3
CVE-2023-31047
In Django 3.2 prior to 3.2.19, 4.x prior to 4.1.9, and 4.2 prior to 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file wa...
Djangoproject Django 4.2
Djangoproject Django
Fedoraproject Fedora 38
9.8
CVSSv3
CVE-2023-27524
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow a malicious user to authenticate and access unauthorized resources. This does ...
Apache Superset
20 Github repositories
1 Article
9.8
CVSSv3
CVE-2023-29374
In LangChain up to and including 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.
Langchain Langchain
2 Github repositories
9.8
CVSSv3
CVE-2018-25082
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to XML external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address th...
Wechat Sdk Python Project Wechat Sdk Python
9.8
CVSSv3
CVE-2023-26477
XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the `newThemeName` request parameter (URL parameter), in combination with additional para...
Xwiki Xwiki
1 Github repository
9.8
CVSSv3
CVE-2023-25823
Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions before 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links (i.e. creating a Gradio app and then setting `share=True`), a private ...
Gradio Project Gradio
9.8
CVSSv3
CVE-2023-24107
hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 contains a code execution backdoor via the request package (requirements.txt). This vulnerability allows malicious users to access sensitive user information and execute arbitrary code.
Hour Of Code Python 2015 Project Hour Of Code Python 2015 2015-12-11
9.8
CVSSv3
CVE-2023-0297
Code Injection in GitHub repository pyload/pyload before 0.5.0b3.dev31.
Pyload Pyload
7 Github repositories