Vulmon
python requests vulnerabilities and exploits
9.8
CVSSv3
CVE-2018-7749
The SSH server implementation of AsyncSSH prior to 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.
Asyncssh Project Asyncssh
NA
CVE-2010-4534
The administrative interface in django.contrib.admin in Django prior to 1.1.3, 1.2.x prior to 1.2.4, and 1.3.x prior to 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive i...
Djangoproject Django 0.95.1
Djangoproject Django 0.96
Djangoproject Django 0.91
Djangoproject Django 0.95
Djangoproject Django
Djangoproject Django 1.1.0
Djangoproject Django 1.0
Djangoproject Django 1.0.1
Djangoproject Django 1.0.2
Djangoproject Django 1.1
Djangoproject Django 1.2.1
Djangoproject Django 1.2.2
Djangoproject Django 1.2.3
Djangoproject Django 1.2
Djangoproject Django 1.3
3.1
CVSSv3
CVE-2016-2513
The password hasher in contrib/auth/hashers.py in Django prior to 1.8.10 and 1.9.x prior to 1.9.3 allows remote malicious users to enumerate users via a timing attack involving login requests.
Djangoproject Django 1.8.9
Djangoproject Django 1.9.2
Djangoproject Django 1.9.1
Djangoproject Django 1.9
NA
CVE-2013-2037
httplib2 0.7.2, 0.8, and previous versions, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users ...
Canonical Ubuntu Linux 13.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
Httplib2 Project Httplib2
Httplib2 Project Httplib2 0.8
7.5
CVSSv3
CVE-2018-6188
django.contrib.auth.forms.AuthenticationForm in Django 2.0 prior to 2.0.2, and 1.11.8 and 1.11.9, allows remote malicious users to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether ...
Djangoproject Django 2.0.1
Djangoproject Django 1.11.9
Djangoproject Django 2.0
Djangoproject Django 1.11.8
Canonical Ubuntu Linux 17.10
NA
CVE-2011-4139
Django prior to 1.2.7 and 1.3.x prior to 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote malicious users to conduct cache poisoning attacks via a crafted request.
Djangoproject Django 1.1
Djangoproject Django 1.0
Djangoproject Django 1.3
Djangoproject Django 1.2
Djangoproject Django 0.91
Djangoproject Django 1.2.2
Djangoproject Django 1.0.1
Djangoproject Django 0.96
Djangoproject Django 0.95
Djangoproject Django 0.95.1
Djangoproject Django 1.2.3
Djangoproject Django 1.1.0
Djangoproject Django 1.1.3
Djangoproject Django 1.2.4
Djangoproject Django 1.2.5
Djangoproject Django 1.2.1
Djangoproject Django 1.1.2
Djangoproject Django 1.0.2
Djangoproject Django
NA
CVE-2011-4136
django.contrib.sessions in Django prior to 1.2.7 and 1.3.x prior to 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote malicious users to modify a session by triggering use of a key ...
Djangoproject Django 1.2.1
Djangoproject Django 1.1.2
Djangoproject Django 1.0.2
Djangoproject Django
Djangoproject Django 0.95
Djangoproject Django 0.95.1
Djangoproject Django 1.2.3
Djangoproject Django 1.1.0
Djangoproject Django 1.2.4
Djangoproject Django 1.2.5
Djangoproject Django 1.1
Djangoproject Django 1.0
Djangoproject Django 1.3
Djangoproject Django 1.2
Djangoproject Django 1.1.3
Djangoproject Django 0.91
Djangoproject Django 1.2.2
Djangoproject Django 1.0.1
Djangoproject Django 0.96
6.5
CVSSv3
CVE-2024-23829
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to pr...
Aiohttp Aiohttp
Fedoraproject Fedora 39
7.5
CVSSv3
CVE-2024-24762
`python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the ...
Tiangolo Fastapi
NA
CVE-2013-0305
The administrative interface for Django 1.3.x prior to 1.3.6, 1.4.x prior to 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
Djangoproject Django 1.3.2
Djangoproject Django 1.3.3
Djangoproject Django 1.3
Djangoproject Django 1.3.1
Djangoproject Django 1.4
Djangoproject Django 1.4.1
Djangoproject Django 1.4.2
Djangoproject Django 1.5
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 11.10