Gradio - Absolute Path Traversal

Gradio 6.7 on Windows with Python 3.13+ contains an absolute path traversal caused by incorrect path validation in path joining logic, letting unauthenticated attackers read arbitrary files from the server. id: CVE-2026-28414 info: name: Gradio - Absolute Path Traversal author: 0xAkoko severity:...

dash-uploader 0.1.0 - 0.7.0a2 - Unauthenticated Arbitrary File Write via Path Traversal

fohrloop dash-uploader v0.1.0 through v0.7.0a2 contains a directory traversal vulnerability caused by improper handling in dashuploader/httprequesthandler.py components, letting remote attackers execute arbitrary code, exploit requires no special privileges. id: CVE-2026-38360 info: name:...

Pypiserver <1.2.5 - Carriage Return Line Feed Injection

Pypiserver through 1.2.5 and below is susceptible to carriage return line feed injection. An attacker can set arbitrary HTTP headers and possibly conduct cross-site scripting attacks via a %0d%0a in a URI. id: CVE-2019-6802 info: name: Pypiserver 1.2.5 - Carriage Return Line Feed Injection author...

wined

Windows Exploitation wined Tools The following scripts were...

Photon OS 5.0: Python3 PHSA-2026-5.0-0862

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0862. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

angr 9.2.221

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

CVE-2026-5241

A flaw was found in python-transformers. An attacker can exploit this vulnerability by providing a malicious model repository. During model initialization, the trustremotecode parameter, intended to prevent remote code execution, is overridden by untrusted configuration data. This allows the...

CVE-2026-3276

A flaw was found in the unicodedata.normalize function in Python. This vulnerability allows a remote attacker to cause excessive CPU consumption by providing specially crafted Unicode input. Successful exploitation can lead to a Denial of Service DoS on the affected system. Mitigation Mitigation...

ROOT-APP-PYPI-CVE-2023-22946 CVE-2023-22946 in rootio-pyspark - Patched by Root

Root has patched CVE-2023-22946 in the rootio-pyspark package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-26331 CVE-2026-26331 in rootio-yt-dlp - Patched by Root

Root has patched CVE-2026-26331 in the rootio-yt-dlp package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-21860 CVE-2026-21860 in rootio-Werkzeug - Patched by Root

Root has patched CVE-2026-21860 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2025-47273 CVE-2025-47273 in rootio-setuptools - Patched by Root

Root has patched CVE-2025-47273 in the rootio-setuptools package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2024-37891 CVE-2024-37891 in rootio-urllib3 - Patched by Root

Root has patched CVE-2024-37891 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2025-66471 CVE-2025-66471 in rootio-urllib3 - Patched by Root

Root has patched CVE-2025-66471 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2024-5569 CVE-2024-5569 in rootio-zipp - Patched by Root

Root has patched CVE-2024-5569 in the rootio-zipp package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2022-40897 CVE-2022-40897 in rootio-setuptools - Patched by Root

Root has patched CVE-2022-40897 in the rootio-setuptools package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2025-69277 CVE-2025-69277 in rootio-PyNaCl - Patched by Root

Root has patched CVE-2025-69277 in the rootio-PyNaCl package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2025-24793 CVE-2025-24793 in rootio-snowflake-connector-python - Patched by Root

Root has patched CVE-2025-24793 in the rootio-snowflake-connector-python package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-31958 CVE-2026-31958 in rootio-tornado - Patched by Root

Root has patched CVE-2026-31958 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-28684 CVE-2026-28684 in rootio-python-dotenv - Patched by Root

Root has patched CVE-2026-28684 in the rootio-python-dotenv package for Root:PyPI. Multiple fixed versions available...