Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-47627
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt whe...
Aiohttp Aiohttp
NA
CVE-2023-47641
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-Length(CL) and Transfer-En...
Aiohttp Aiohttp
NA
CVE-2023-46445
An issue in AsyncSSH prior to 2.14.1 allows malicious users to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."
Asyncssh Project Asyncssh
1 Github repository
1 Article
NA
CVE-2023-46446
An issue in AsyncSSH prior to 2.14.1 allows malicious users to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
Asyncssh Project Asyncssh
1 Github repository
1 Article
NA
CVE-2023-45167
IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965.
Ibm Aix 7.3
Ibm Vios 4.1
NA
CVE-2023-46404
PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing.
Utoronto Pcrs
1 Github repository
NA
CVE-2023-43665
In Django 3.2 prior to 3.2.22, 4.1 prior to 4.1.12, and 4.2 prior to 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HT...
Djangoproject Django
Fedoraproject Fedora 39
NA
CVE-2023-44271
An issue exists in Pillow prior to 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance...
Python Pillow
Fedoraproject Fedora 38
NA
CVE-2023-41164
In Django 3.2 prior to 3.2.21, 4.1 prior to 4.1.11, and 4.2 prior to 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Djangoproject Django
Fedoraproject Fedora 39
NA
CVE-2023-47204
Unsafe YAML deserialization in yaml.Loader in transmute-core prior to 1.13.5 allows malicious users to execute arbitrary Python code.
Toumorokoshi Transmute-core
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »