Vulmon
python vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-48699
fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with Python code that is executed without proper validation, and it could lead to...
Ubertidavide Fastbots
9.8
CVSSv3
CVE-2023-47204
Unsafe YAML deserialization in yaml.Loader in transmute-core prior to 1.13.5 allows malicious users to execute arbitrary Python code.
Toumorokoshi Transmute-core
9.8
CVSSv3
CVE-2023-44467
langchain_experimental (aka LangChain Experimental) in LangChain prior to 0.0.306 allows a malicious user to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.
Langchain Langchain Experimental 0.0.14
9.8
CVSSv3
CVE-2023-38703
PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level tr...
Teluu Pjsip
9.8
CVSSv3
CVE-2023-41419
An issue in Gevent before version 23.9.0 allows a remote malicious user to escalate privileges via a crafted script to the WSGIServer component.
Gevent Gevent
9.8
CVSSv3
CVE-2019-19450
paraparser in ReportLab prior to 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to...
Reportlab Reportlab
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2022-48565
An XML External Entity (XXE) issue exists in Python up to and including 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Python Python
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2023-40267
GitPython prior to 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
Gitpython Project Gitpython
9.8
CVSSv3
CVE-2023-36095
An issue in Harrison Chase langchain v.0.0.194 allows a malicious user to execute arbitrary code via the Python exec calls in the PALChain; affected functions include from_math_prompt and from_colored_object_prompt.
Langchain Langchain 0.0.194
9.8
CVSSv3
CVE-2023-36188
An issue in langchain v.0.0.64 allows a remote malicious user to execute arbitrary code via the PALChain parameter in the Python exec method.
Langchain Langchain 0.0.64