python vulnerabilities and exploits
9
CVSSv2
CVE-2021-42561
An issue exists in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows malicious users to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()" ) in ...
Mitre Caldera
9
CVSSv2
CVE-2021-43837
vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. In versions prior to 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix `!template!`, vault-cli interprets the res...
Vault-cli Project Vault-cli
9
CVSSv2
CVE-2020-26943
An issue exists in OpenStack blazar-dashboard prior to 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may ...
Openstack Blazar-dashboard
Openstack Blazar-dashboard 2.0.0
Openstack Blazar-dashboard 3.0.0
9
CVSSv2
CVE-2020-11057
In XWiki Platform 7.2 up to and including 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed in 11.3.7, 11.10.3 and 12.0.
Xwiki Xwiki
9
CVSSv2
CVE-2019-9189
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authent...
Primasystems Flexair
1 EDB exploit
9
CVSSv2
CVE-2019-10662
Grandstream UCM6204 prior to 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI.
Grandstream Ucm6204 Firmware
1 Metasploit module
9
CVSSv2
CVE-2015-5164
The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp.
Pulpproject Qpid -
9
CVSSv2
CVE-2008-6954
The web interface (CobblerWeb) in Cobbler prior to 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.
Michael Dehaan Cobbler 1.2.3
Michael Dehaan Cobbler 1.2.2
Michael Dehaan Cobbler 0.6.5
Michael Dehaan Cobbler 0.6.4
Michael Dehaan Cobbler 0.4.6
Michael Dehaan Cobbler 0.4.5
Michael Dehaan Cobbler 0.3.5
Michael Dehaan Cobbler 0.3.4
Michael Dehaan Cobbler 0.2.3
Michael Dehaan Cobbler 0.2.2
Michael Dehaan Cobbler 1.2.0
Michael Dehaan Cobbler 1.0.3-1
Michael Dehaan Cobbler 0.6.3
Michael Dehaan Cobbler 0.6.1
Michael Dehaan Cobbler 0.4.3
Michael Dehaan Cobbler 0.4.2
Michael Dehaan Cobbler 0.3.3
Michael Dehaan Cobbler 0.3.1
Michael Dehaan Cobbler 0.2.1
Michael Dehaan Cobbler 0.1.1.7
Michael Dehaan Cobbler 1.2.6
Michael Dehaan Cobbler 1.2.5
8.8
CVSSv2
CVE-2021-41131
python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path traversal vulnerability that in the worst case can overwrite files ending in `.json` anywhere on the client system on a call to `get_o...
Linuxfoundation The Update Framework
8.5
CVSSv2
CVE-2021-33509
Plone up to and including 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
Plone Plone