Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-1449
Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote malicious users to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12.
Python Python 2.5.0
NA
CVE-2010-1450
Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote malicious users to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.
Python Python 2.5.0
7
CVSSv3
CVE-2022-26488
In Python prior to 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local malicious user to add user-writable directories to the system search path. To exploit, an administrator must have installed Pytho...
Python Python
Python Python 3.11.0
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
2.8
CVSSv3
CVE-2024-22194
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (ma...
Lfprojects Case Python Utilities 0.5.0
Lfprojects Case Python Utilities 0.6.0
Lfprojects Case Python Utilities 0.7.0
Lfprojects Case Python Utilities 0.8.0
Lfprojects Case Python Utilities 0.9.0
Lfprojects Case Python Utilities 0.10.0
Lfprojects Case Python Utilities 0.11.0
Lfprojects Case Python Utilities 0.12.0
Lfprojects Case Python Utilities 0.13.0
Lfprojects Case Python Utilities 0.14.0
Lfprojects Cdo Local Uuid Utility 0.4.0
9.8
CVSSv3
CVE-2017-0906
The Recurly Client Python Library prior to 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.
Recurly Recurly Client Python
Recurly Recurly Client Python 2.3.0
Recurly Recurly Client Python 2.5.0
Recurly Recurly Client Python 2.6.1
Recurly Recurly Client Python 2.6.0
NA
CVE-2013-7323
python-gnupg prior to 0.3.5 allows context-dependent malicious users to execute arbitrary commands via shell metacharacters in unspecified vectors.
Vinay Sajip Python-gnupg
Vinay Sajip Python-gnupg 0.3.3
Vinay Sajip Python-gnupg 0.3.1
Vinay Sajip Python-gnupg 0.3.2
Vinay Sajip Python-gnupg 0.3.0
7.8
CVSSv3
CVE-2021-25322
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local malicious users to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1....
Python-hyperkitty Project Python-hyperkitty
6.5
CVSSv3
CVE-2021-46823
python-ldap prior to 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker cou...
Python-ldap Python-ldap
9.8
CVSSv3
CVE-2016-7036
python-jose prior to 1.3.2 allows malicious users to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.
Python-jose Project Python-jose
8.8
CVSSv3
CVE-2019-13611
An issue exists in python-engineio up to and including 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows malicious users to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.
Python-engineio Project Python-engineio
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »