Vulmon
python python vulnerabilities and exploits
10
CVSSv2
CVE-2022-31137
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions before 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from...
Roxy-wi Roxy-wi
1 Github repository
10
CVSSv2
CVE-2020-14343
A vulnerability exists in the PyYAML library in versions prior to 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted inp...
Pyyaml Pyyaml
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.1.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
5 Github repositories
10
CVSSv2
CVE-2019-19875
An issue exists in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364.
Br-automation Industrial Automation Aprol
10
CVSSv2
CVE-2020-15348
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code.
Zyxel Cloud Cnm Secumanager 3.1.0
Zyxel Cloud Cnm Secumanager 3.1.1
10
CVSSv2
CVE-2020-1747
A vulnerability exists in the PyYAML library in versions prior to 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted i...
Pyyaml Pyyaml
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.1
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.1.0
2 Github repositories
10
CVSSv2
CVE-2020-5722
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions prior to 1.0.19.20 or inject HTML in password recovery emai...
Grandstream Ucm6200 Firmware
1 EDB exploit
1 Metasploit module
10
CVSSv2
CVE-2019-17526
An issue exists in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os...
Sagemath Sagemathcell
10
CVSSv2
CVE-2019-15107
An issue exists in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
Webmin Webmin
1 EDB exploit
49 Github repositories
1 Article
10
CVSSv2
CVE-2017-6900
An issue exists in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Furt...
Riello-ups Netman 204 Firmware 15-2
Riello-ups Netman 204 Firmware 14-2
10
CVSSv2
CVE-2018-19646
The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote malicious users to execute arbitrary OS commands because command-line arguments are mishandled.
Imperva Securesphere 13.0.10
Imperva Securesphere 13.2.10
Imperva Securesphere 13.1.10