Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2024-22416
pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Reque...
Pyload-ng Project Pyload-ng
1 Github repository
7.5
CVSSv3
CVE-2023-52288
An issue exists in the flaskcode package up to and including 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/<file_path>.txt URI (from views.py), allows malicious users to read arbitrary files.
Sujeetkv Flaskcode
7.5
CVSSv3
CVE-2023-52289
An issue exists in the flaskcode package up to and including 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows malicious users to write to arbitrary files.
Sujeetkv Flaskcode
8.8
CVSSv3
CVE-2024-21669
Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifyin...
Hyperledger Aries Cloud Agent
Hyperledger Aries Cloud Agent 0.11.0
2.8
CVSSv3
CVE-2024-22194
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (ma...
Lfprojects Case Python Utilities 0.5.0
Lfprojects Case Python Utilities 0.6.0
Lfprojects Case Python Utilities 0.7.0
Lfprojects Case Python Utilities 0.8.0
Lfprojects Case Python Utilities 0.9.0
Lfprojects Case Python Utilities 0.10.0
Lfprojects Case Python Utilities 0.11.0
Lfprojects Case Python Utilities 0.12.0
Lfprojects Case Python Utilities 0.13.0
Lfprojects Case Python Utilities 0.14.0
Lfprojects Cdo Local Uuid Utility 0.4.0
6.1
CVSSv3
CVE-2024-22195
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` f...
Palletsprojects Jinja
1 Github repository
7.8
CVSSv3
CVE-2024-22190
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those feat...
Gitpython Project Gitpython
1 Github repository
7.5
CVSSv3
CVE-2023-45139
fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an malicious user to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed...
Fonttools Fonttools
1 Article
7.5
CVSSv3
CVE-2024-21644
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.
Pyload Pyload
Pyload Pyload 0.5.0
1 Github repository
5.3
CVSSv3
CVE-2024-21645
pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in `pyload` allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by `pyload`. Forged or otherwise, corrupted log files can be...
Pyload Pyload
Pyload Pyload 0.5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »