57688 matches found
PT-2026-36887
Name of the Vulnerable Software and Affected Versions Arelle versions prior to 2.39.10 Description An unauthenticated remote code execution issue exists in the '/rest/configure' REST endpoint. The endpoint accepts a plugins query parameter and forwards it to the plugin manager without requiring...
PPTAgent 安全漏洞
PPTAgent is an open-source intelligent presentation generation tool based on large models developed by ICIP-CAS. Previous versions of PPTAgent 418491a contained security vulnerabilities. These vulnerabilities stemmed from issues with the Python eval function when executing code generated by LLM,...
RHCOS 9 : OpenShift Container Platform 4.15.30 (RHSA-2024:6016)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:6016 advisory. - python-werkzeug: user may execute code on a developer's machine CVE-2024-34069 Note that Nessus has not tested for this issue but has inste...
RHCOS 9 : OpenShift Container Platform 4.13.54 (RHSA-2024:10815)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:10815 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...
RHCOS 9 : OpenShift Container Platform 4.15.39 (RHSA-2024:10145)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:10145 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...
OPENSUSE-SU-2026:10680-1 python311-django-allauth-65.16.1-2.1 on GA media
These are all security issues fixed in the python311-django-allauth-65.16.1-2.1 package on the GA media of openSUSE Tumbleweed...
Astra Linux - уязвимость в python-ldap
Python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars could be exploited to skip escaping special characters when a crafted list or dict was provided as the assertionvalue parameter, and...
Astra Linux - уязвимость в python-py
A denial of service attack via regular expressions in the py.path.svnwc component of py also known as python-py in versions up to 1.9.0 could be exploited by attackers to trigger a compute-time denial of service attack by providing malicious input to the blame functionality...
Astra Linux - уязвимость в python-tornado
A vulnerability in Tornado versions 6.3.1 and earlier allows a remote, unauthenticated attacker to redirect a user to an arbitrary web site and carry out a phishing attack by causing the user to access a specially crafted URL...
Astra Linux - уязвимость в python-urllib3
urllib3 is a user-friendly HTTP client library for Python. Prior to version 2.5.0, it was possible to disable redirections for all requests by instantiating a PoolManager and specifying retries in a way that disables redirections. By default, requests and botocore users are not affected. An...
Astra Linux - уязвимость в python-babel
In Babel.Locale before version 2.9.1, attackers could load arbitrary locale .dat files containing serialized Python objects through directory traversal, resulting in code execution...
Astra Linux - уязвимость в python-bleach
A mutation XSS affects users who call bleachclean with any of the following tags: svg or math within the allowed tags p or br in allowed tags, style, title, noscript, script, textarea, noframes, iframe, or xmp within allowed tags. The keyword argument is stripcomments=False. Note: None of the abo...
Astra Linux - уязвимость в python-django
A issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The methods django.utils.text.Truncator.chars and Truncator.words with html=True, along with the truncatecharshtml and truncatewordshtml template filters, allow a remote attacker to cause a potential...
Astra Linux - уязвимость в python-cryptography
Cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions, Cipher.updateinto would accept Python objects that implement the buffer protocol, but only provide immutable buffers. This would allow immutable objects such as bytes to b...
Astra Linux - уязвимость в python-urllib3
In urllib3 before version 1.24.2, the authorization HTTP header is not removed when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE:...
Astra Linux - уязвимость в python-urllib3
urllib3 is a HTTP client library for Python. The streaming API of urllib3 is designed for efficiently handling large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
Astra Linux - уязвимость в python3.7, python2.7
A issue was discovered in Python before version 3.11.1. An unnecessary quadratic algorithm exists in one path when processing certain inputs to the IDNA RFC 3490 decoder. This can lead to an excessive CPU usage when a maliciously crafted, unreasonably long hostname is provided to the decoder...
Astra Linux - уязвимость в python2.7, python3.7
A use-after-free exists in Python through version 3.9 via the heappushpop function in the heapq module...
pentest-automation-framework
pentest-automation-framework Built this to speed up structure...
Malicious code in gauth-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 aea1fab5eb3b9422c65232e53e79eb71ba3436355601cd61e7a7b0177779df4e Package impersonates Google and attempts to exfiltrate various credential files. It also setups PTH file for automated start during Python initialization. In t...