python python vulnerabilities and exploits
NA
CVE-2023-45139
fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows a malicious user to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed...
Fonttools Fonttools
1 Article
NA
CVE-2024-21319
Microsoft Identity Denial of service vulnerability
Microsoft .net
Microsoft Identity Model
Microsoft Visual Studio 2022
1 Github repository
NA
CVE-2018-25095
The Duplicator WordPress plugin prior to 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be used to run arbitrary code on the server.
Snapcreek Duplicator
1 Github repository
NA
CVE-2024-21644
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.
Pyload Pyload
Pyload Pyload 0.5.0
1 Github repository
NA
CVE-2024-21645
pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in `pyload` allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by `pyload`. Forged or otherwise, corrupted log files can be...
Pyload Pyload
Pyload Pyload 0.5.0
NA
CVE-2023-51663
Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect (OIDC) email addresses from ID tokens to verify the validity of a user's domain, but because users hav...
Hail Hail
NA
CVE-2020-17163
Visual Studio Code Python Extension Remote Code Execution Vulnerability
Microsoft Python Extension
NA
CVE-2023-49438
An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows malicious users to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.
Flask-security-too Project Flask-security-too
1 Github repository
NA
CVE-2023-51449
Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitrary Python function. Versions of `gradio` before 4.11.0 contained a vulnerability in the `/file` route which made them susceptible ...
Gradio Project Gradio
NA
CVE-2023-51649
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e.,...
Networktocode Nautobot