57701 matches found
RHCOS 9 : OpenShift Container Platform 4.13.54 (RHSA-2024:10815)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:10815 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...
RHCOS 9 : OpenShift Container Platform 4.15.30 (RHSA-2024:6016)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:6016 advisory. - python-werkzeug: user may execute code on a developer's machine CVE-2024-34069 Note that Nessus has not tested for this issue but has inste...
RHCOS 9 : OpenShift Container Platform 4.15.39 (RHSA-2024:10145)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:10145 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...
Astra Linux - vulnerability in python-urllib3
urllib3 is a user-friendly HTTP client library for Python. Prior to version 2.5.0, it was possible to disable redirections for all requests by instantiating a PoolManager and specifying retries in a way that disables redirections. By default, requests and botocore users are not affected. An...
Astra Linux - vulnerability in python-py
A denial of service attack via regular expressions in the py.path.svnwc component of py also known as python-py in versions up to 1.9.0 could be exploited by attackers to trigger a compute-time denial of service attack by providing malicious input to the blame functionality...
Astra Linux - vulnerability in python-babel
In Babel.Locale before version 2.9.1, attackers could load arbitrary locale .dat files containing serialized Python objects through directory traversal, resulting in code execution...
Astra Linux - vulnerability in python-django
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The methods django.utils.text.Truncator.chars and Truncator.words with html=True, along with the truncatechars_html and truncatewords_html template filters, allow a remote attacker to cause a potential...
Astra Linux - vulnerability in python-cryptography
Cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions, Cipher.update_into would accept Python objects that implement the buffer protocol, but only provide immutable buffers. This would allow immutable objects such as bytes to b...
Astra Linux - vulnerability in python-urllib3
In urllib3 before version 1.24.2, the authorization HTTP header is not removed when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE:...
Astra Linux - vulnerability in python-urllib3
urllib3 is an HTTP client library for Python. The streaming API of urllib3 is designed for efficiently handling large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
Astra Linux - vulnerability in python3.7, python2.7
An issue was discovered in Python before version 3.11.1. An unnecessary quadratic algorithm exists in one path when processing certain inputs to the IDNA RFC 3490 decoder. This can lead to an excessive CPU usage when a maliciously crafted, unreasonably long hostname is provided to the decoder...
pentest-automation-framework
pentest-automation-framework Built this to speed up structure...
Malicious code in gauth-client (PyPI)
Source: kam193 aea1fab5eb3b9422c65232e53e79eb71ba3436355601cd61e7a7b0177779df4e Package impersonates Google and attempts to exfiltrate various credential files. It also sets up a PTH file for automated start during Python initialization. In t...
MAL-2026-3252 Malicious code in gauth-client (PyPI)
Source: kam193 aea1fab5eb3b9422c65232e53e79eb71ba3436355601cd61e7a7b0177779df4e Package impersonates Google and attempts to exfiltrate various credential files. It also sets up a PTH file for automated start during Python initialization. In t...
MAL-2026-3251 Malicious code in puan31 (PyPI)
Source: kam193 27d04731b8fc3968b624ec2435d48b09d1afffb46fefb44745c2c8ff31bf4855 During import, the package automatically starts a connection to a C2 server, exfiltrates information about the host and data like the browser's history and sensiti...
Malicious code in rostilesolver (PyPI)
Source: kam193 eef0922e5bb8ba3371baad4b76542215ff15e445a9d6ed6fb5546230fe5da4df During installation, the package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-3250 Malicious code in rostilesolver (PyPI)
Source: kam193 eef0922e5bb8ba3371baad4b76542215ff15e445a9d6ed6fb5546230fe5da4df During installation, the package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in puan4 (PyPI)
Source: kam193 6be2e7028440f68ad3621664d195d72288e6a1d8658f16a421f3ec52d63d6f7a During import, the package automatically starts a connection to a C2 server, exfiltrates information about the host and data like sensitive files and browsers' dat...
Malicious code in puan3 (PyPI)
Source: kam193 531ab02814e67f81e5c82fb57b72d59c3972d0975932f6e9d00ea680040e9a13 During import, the package automatically starts a connection to a C2 server, exfiltrates information about the host and data like the browser's history and sensiti...
Webmin-1.910-Exploit-Script
Webmin-1.910-Exploit-Script Python 3 🔥 Remote Code Execu...